
What's New in OSSIM v2.2?


OSSIM 2.2
=====================================
New Features and Enhancements
- New Installer
- Enhanced Usability
- New Vulnerability Management Interface
- ISO & PCI Compliance
- Unified Report Manager
- Asset Management, Search and Reporting
- SIEM Forensic Console Enhancements
- Full PCI Wireless Security compliance
- Netflow Analysis
- New data sources
- New menu organization
- Multiclient
- Logger
- Higher Performance and Increased Storage

http://www.alienvault.com || http://www.ossim.net


Slide 1. What's New in OSSIM 2.2?
http://www.alienvault.com
February 2009
Juan Manuel Lorenzo (jmlorenzo@alienvault.com)

Slide 2. New Features and Enhancements: OSSIM 2.2

Slide 3. Index
New Features and Enhancements:
- New Installer
- Enhanced Usability
- New Vulnerability Management Interface
- ISO & PCI Compliance
- Unified Report Manager
- Asset Management, Search and Reporting
- SIEM Forensic Console Enhancements
- Full PCI Wireless Security Compliance
- Netflow Analysis
- New Data Sources
- New Menu Organization
- Multiclient
- Logger
- Higher Performance and Increased Storage
Upcoming Work

Slide 4. New Installer
- 32-bit and 64-bit versions
- Graphical installer
- Unattended installation
- VPN auto-setup
- Firewall auto-setup
- Improved update process
- Full multi-profile support
- Automatic configuration of OSSIM components
- HTTPS enabled by default
- Upgraded software
- Improved packet capture (PF_RING 4.0, see next slide, in both the 32-bit and 64-bit versions)

Slide 5. New Installer: Upgraded Software
- Linux kernel 2.6.31: support for the newest devices
- MySQL 5.1: greater performance and partitioning support
- PF_RING 4.0: can be used with vanilla kernels (no kernel patch required)
- OSSEC 2.3.1: real-time file integrity monitoring on Windows systems; support for monitoring command output (process monitoring)
- OpenVAS 3.0: WMI client support; new internal module architecture

Slide 6. Enhanced Usability
Easy access to a broad range of information about any host or network:
- Asset Report
- Alarms
- SIEM
- Logger
- Ticketing system
- Knowledge DB
- Vulnerabilities
- Network Monitor
- Availability Monitor
Right-click on any IP address or network to open the contextual menu.

Slide 7. Enhanced Usability
Ease of use:
- Analysis/monitoring, reporting and configuration have been separated into different tabs.
- Advanced options and complex configurations have been separated from the simple configuration options.
Help:
- Each panel has its own link to the documentation/help.

Slide 8. Enhanced Usability
- User templates: simplify permission assignment to OSSIM users.
- Floating windows: new floating windows help navigation within the web interface.

Slide 9. New Vulnerability Management Interface
- Scheduled scans
- Scanning profiles, including predefined profiles
- Scan summary
- Threats database
- Reporting in HTML, PDF and XLS
- Real-time monitoring of scan status
- Web-based vulnerability scanner configuration

Slide 10. New Vulnerability Management Interface (screenshots)
- Monitor scan status in real time
- Schedule a scan

Slide 11. New Vulnerability Management Interface (screenshots)
Vulnerability scanner reports: Excel, PDF, HTML

Slide 12. ISO & PCI Compliance
Automated PCI DSS and ISO 27001 compliance reporting, including:
- Threat overview
- Real business impact risks
- C.I.A. (confidentiality, integrity, availability) potential impact
- PCI DSS
- Trends
- ISO 27002 potential impact
- ISO 27001
- Directives mapped to compliance control objectives

Slide 13. Unified Report Manager
- Report management system built on JasperServer
- Reports in PDF, RTF and HTML format
- Reports can be sent by e-mail from the web interface
- Time frame selection when generating reports

Slide 14. Unified Report Manager
Access all reports from a single centralized location. Available reports:
- Asset Report
- SIEM Events
- Logger
- Alarms
- Business & Compliance (ISO, PCI)
- Metrics Report
- Geographic Report
- User Activity

Slide 15. Unified Report Manager
- Content selection for each report
- Customizable reports

Slide 16. Asset Management, Search and Reporting
Asset Search: find all assets matching certain criteria.
- Date range selection
- Save predefined searches
- Advanced searches
- Auto-completion

Slide 17. Asset Management, Search and Reporting
Advanced Asset Search:
- Use logical operators to combine search criteria
- Predefined search criteria
- Multiple options in each criterion
- Auto-completion

Slide 18. Asset Management, Search and Reporting
Asset Report: shows all the information about a host or network that can be found in OSSIM.

Slide 19. SIEM Forensic Console Enhancements
- SIEM forensic database redesigned: faster analysis, increased storage capacity
- Search engine optimized
- Logical search (using AND and OR operators)
- Export query results in PDF format
- New filters: filter by country, filter by local networks
- Time frame selection using a calendar
- Extended information using event references

Slide 20. SIEM Forensic Console Enhancements (screenshots)
- Search using AND and OR (IP and signature)
- Export query results in PDF format

Slide 21. SIEM Forensic Console Enhancements (screenshots)
- Event geolocation statistics
- Time frame selection

Slide 22. Full PCI Wireless Security Compliance
Implements the controls required for full wireless PCI compliance: a reporting system and a wireless IDS (Kismet).
Reports:
- Networks
- Cloaked networks with uncloaked APs
- Encrypted networks with unencrypted APs
- Networks using weak encryption
- Suspicious clients

Slide 23. Netflow Analysis
- NetFlow monitoring and management
- Integration of nfdump and NfSen
- NetFlow collection from network devices
- fprobe auto-configured on the OSSIM collectors to generate NetFlow records from the traffic they capture

Slide 24. Netflow Analysis
- Easy configuration interface
- Complex NetFlow analysis and plugin support

Slide 25. New Data Sources
- Cisco SDEE: application-level communications protocol used to exchange events with Cisco devices
- Snort Unified2: Snort 3.0 and Suricata engines supported
- WMI agentless collection (Windows Management Instrumentation)
- New supported devices and applications: Astaro, Vyatta, SiteProtector, TippingPoint, Juniper VPN, RedBack, NetScreen IDP, Kismet, Lucent Brick, ...
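The Unified2 format named above is what both Snort and Suricata spool to disk: a stream of big-endian (type, length) headers, each followed by `length` bytes of payload. The reader below is an added example, not OSSIM's own collector plugin. It decodes the legacy IPv4 IDS event (type 7) and packet (type 2) records using the field order from the Snort unified2 header definitions, skips other record types by length, and carries a trailing partial record over to the next read, which is the case a tailing collector must handle because the sensor may still be appending. The sample bytes are constructed for the example.

```python
"""Reader for Snort/Suricata Unified2 spool files.

Added example, not OSSIM's own collector plugin.  Record layouts follow
the Snort unified2 header definitions; sample bytes are constructed.
"""
import socket
import struct
from dataclasses import dataclass
from typing import List, Tuple, Union

UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7                 # legacy IPv4 event, no VLAN/MPLS fields

HEADER = struct.Struct("!II")          # record type, record length
IDS_EVENT = struct.Struct("!11I2H4B")  # 52 bytes; field order in parse_records
PACKET = struct.Struct("!7I")          # 28 bytes, then packet_length frame bytes

@dataclass
class IdsEvent:
    sensor_id: int
    event_id: int
    event_second: int
    generator_id: int
    signature_id: int
    signature_revision: int
    classification_id: int
    priority_id: int
    src: str
    dst: str
    sport_itype: int
    dport_icode: int
    protocol: int
    blocked: int

@dataclass
class Packet:
    sensor_id: int
    event_id: int
    event_second: int
    linktype: int
    data: bytes

Record = Union[IdsEvent, Packet]

def parse_records(buf: bytes) -> Tuple[List[Record], bytes]:
    """Decode every complete record in buf and return (records, leftover).

    leftover is a trailing partial record, which occurs when the sensor is
    still writing; the caller prepends it to the next chunk instead of
    dropping it.  Unknown record types are skipped by length.
    """
    records: List[Record] = []
    off = 0
    while off + HEADER.size <= len(buf):
        rtype, rlen = HEADER.unpack_from(buf, off)
        end = off + HEADER.size + rlen
        if end > len(buf):
            break                          # incomplete record: wait for more bytes
        body = buf[off + HEADER.size:end]
        if rtype == UNIFIED2_IDS_EVENT and len(body) >= IDS_EVENT.size:
            # sensor_id, event_id, event_second, event_microsecond, signature_id,
            # generator_id, signature_revision, classification_id, priority_id,
            # ip_source, ip_destination, sport_itype, dport_icode, protocol,
            # impact_flag, impact, blocked
            f = IDS_EVENT.unpack_from(body)
            records.append(IdsEvent(
                sensor_id=f[0], event_id=f[1], event_second=f[2],
                signature_id=f[4], generator_id=f[5], signature_revision=f[6],
                classification_id=f[7], priority_id=f[8],
                src=socket.inet_ntoa(struct.pack("!I", f[9])),
                dst=socket.inet_ntoa(struct.pack("!I", f[10])),
                sport_itype=f[11], dport_icode=f[12], protocol=f[13], blocked=f[16]))
        elif rtype == UNIFIED2_PACKET and len(body) >= PACKET.size:
            # sensor_id, event_id, event_second, packet_second,
            # packet_microsecond, linktype, packet_length
            p = PACKET.unpack_from(body)
            records.append(Packet(sensor_id=p[0], event_id=p[1], event_second=p[2],
                                  linktype=p[5], data=body[PACKET.size:PACKET.size + p[6]]))
        off = end
    return records, buf[off:]

def read_spool_in_chunks(data: bytes, chunk: int) -> List[Record]:
    """Emulate tailing a live spool: feed fixed-size chunks and carry the
    partial record across reads, since record boundaries never align."""
    out: List[Record] = []
    carry = b""
    for i in range(0, len(data), chunk):
        recs, carry = parse_records(carry + data[i:i + chunk])
        out.extend(recs)
    return out

def _record(rtype: int, body: bytes) -> bytes:
    return HEADER.pack(rtype, len(body)) + body

def sample_spool(truncated: bool = False) -> bytes:
    """Constructed spool: one IPv4 event plus its packet; with truncated=True,
    followed by the first 30 bytes of a second event still being written."""
    src = int.from_bytes(socket.inet_aton("10.0.0.5"), "big")
    dst = int.from_bytes(socket.inet_aton("192.168.1.20"), "big")
    ev = IDS_EVENT.pack(1, 7, 1265000000, 0, 2003, 1, 5, 30, 2,
                        src, dst, 44444, 445, 6, 0, 0, 0)
    pkt = PACKET.pack(1, 7, 1265000000, 1265000000, 0, 1, 4) + b"\xde\xad\xbe\xef"
    data = _record(UNIFIED2_IDS_EVENT, ev) + _record(UNIFIED2_PACKET, pkt)
    if truncated:
        data += _record(UNIFIED2_IDS_EVENT, ev)[:30]
    return data
```

The length check before decoding each body, and the break on an incomplete record, are the two checks a collector needs so that a sensor mid-write or a corrupted record never desynchronizes the stream; anything it does not recognize is skipped by the declared length rather than guessed at.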
Slide 26. New Menu Organization
- Dashboards: high-level information (charts, graphs and risk maps)
- Incidents: medium-level information (alarms, ticketing system and Knowledge DB)
- Analysis: low-level information (SIEM events and data mining, Logger and vulnerabilities)
- Reports: Report Manager
- Assets: inventory, Asset Search and OSSIM components

Slide 27. New Menu Organization
- Intelligence: policy, actions, correlation rules and compliance mapping
- Monitors: real-time information (network, usage and availability)
- Configuration: users, collection configuration and database upgrades
- Tools: backup, tools download and the network discovery system

Slide 28. Multiclient
- Multi-company/department management capabilities
- Multi-hierarchical deployments
(Only available in AlienVault Professional SIEM)

Slide 29. Logger
- New graphs and statistics
- Reports on the information stored in the Logger
- Logical operators in Logger search
- Faster access to the information stored in the Logger
(Only available in AlienVault Professional SIEM)

Slide 30. Logger
- Select the time frame by clicking on graphs or using a calendar
- Digitally signed logs can be exported and verified with an external application
- Improved search syntax
(Only available in AlienVault Professional SIEM)
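Slide 30 says exported Logger records are digitally signed so an external application can verify them, but does not describe the export format. The following is an added illustration of the general technique, not OSSIM's own implementation: a SHA-256 hash chain over the exported lines, sealed together with the record count by a keyed MAC, and a verifier that tells a modified line, a deleted line and a forged chain head apart. HMAC-SHA256 stands in for the signature here so the block runs with the standard library alone; a real export would use an asymmetric signature so the verifying application holds no secret. The log lines and the key are constructed.

```python
"""Tamper-evident log export: per-line hash chain sealed with a MAC.

Added example, not OSSIM's export format (which the slide does not
describe).  HMAC-SHA256 stands in for the digital signature; the
hypothetical key and the log lines below are constructed.
"""
import hashlib
import hmac
import json
from typing import List, Tuple

# Constructed sample of exported Logger lines (not real OSSIM data).
SAMPLE_LINES = [
    "2010-02-01T10:00:01 192.168.1.20 sshd: Failed password for root from 10.0.0.5",
    "2010-02-01T10:00:03 192.168.1.20 sshd: Failed password for root from 10.0.0.5",
    "2010-02-01T10:00:04 192.168.1.20 sshd: Accepted password for admin from 10.0.0.9",
]
SAMPLE_KEY = b"hypothetical-export-signing-key"  # constructed, not a real key

def chain_head(lines: List[str]) -> bytes:
    """Fold the lines into one SHA-256 hash chain.  The head commits to the
    content and the position of every line, so an edit or a reorder
    anywhere changes it."""
    h = bytes(32)  # all-zero seed for the first link
    for line in lines:
        h = hashlib.sha256(h + line.encode("utf-8")).digest()
    return h

def seal(head: bytes, count: int, key: bytes) -> str:
    """MAC over head and record count: binding the count means dropping
    trailing lines is caught even if the attacker recomputes the head."""
    return hmac.new(key, head + count.to_bytes(4, "big"), hashlib.sha256).hexdigest()

def export_signed(lines: List[str], key: bytes) -> str:
    """Produce the export blob (JSON) that the external verifier consumes."""
    head = chain_head(lines)
    return json.dumps({"lines": lines, "count": len(lines),
                       "head": head.hex(), "seal": seal(head, len(lines), key)})

def verify_export(blob: str, key: bytes) -> Tuple[bool, str]:
    """Return (ok, reason).  Every failure returns False; the reason only
    helps the operator localize what was tampered with."""
    doc = json.loads(blob)
    lines, count = doc["lines"], doc["count"]
    if len(lines) != count:
        return False, "record count mismatch: lines added or removed"
    head = chain_head(lines)
    if head.hex() != doc["head"]:
        return False, "chain head mismatch: a line was modified or reordered"
    if not hmac.compare_digest(seal(head, count, key), doc["seal"]):
        return False, "seal invalid: head or count forged, or wrong key"
    return True, "ok"

def with_changes(blob: str, **changes) -> str:
    """Re-serialize an export with fields replaced; models an attacker
    editing the exported file after the fact."""
    doc = json.loads(blob)
    doc.update(changes)
    return json.dumps(doc)
```

The verifier recomputes everything from the lines themselves and trusts nothing else in the file: the stored head is only compared to localize the problem, and the constant-time `hmac.compare_digest` is what actually decides acceptance.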
Slide 31. Higher Performance and Increased Storage
- Database redesigned to increase performance and storage capacity
- Improved multithread support in the OSSIM server
- Multi-row insertion to reduce the number of database queries
- Faster processing of events
(Only available in AlienVault Professional SIEM)

Slide 32. Upcoming Work

Slide 33. Upcoming Work
- NAC (Network Access Control)
- Asset auto-discovery
- HIDS management console
- Collectors management console
- New correlation capabilities
- DLP (Data Loss Prevention)
- Improved Nagios integration
