What's New in OSSIM v2.2?

New Features and Enhancements
- New Installer
- Enhanced Usability
- New Vulnerability Management Interface
- ISO & PCI Compliance
- Unified Report Manager
- Asset Management, Search and Reporting
- SIEM Forensic Console Enhancements
- Full PCI Wireless Security compliance
- Netflow Analysis
- New data sources
- New menu organization
- Multiclient
- Logger
- Higher Performance and Increased Storage

http://www.alienvault.com || http://www.ossim.net


  1. What's New in OSSIM 2.2?
     http://www.alienvault.com
     February 2009
     Juan Manuel Lorenzo (jmlorenzo@alienvault.com)

  2. New Features and Enhancements
     OSSIM 2.2

  3. Index
     New Features and Enhancements
     - New Installer
     - Enhanced Usability
     - New Vulnerability Management Interface
     - ISO & PCI Compliance
     - Unified Report Manager
     - Asset Management, Search and Reporting
     - SIEM Forensic Console Enhancements
     - Full PCI Wireless Security compliance
     - Netflow Analysis
     - New data sources
     - New menu organization
     - Multiclient
     - Logger
     - Higher Performance and Increased Storage
     Upcoming Work

  4. New Installer
     - 32-bit and 64-bit versions
     - Graphical installer
     - Unattended installation
     - VPN auto-setup
     - Firewall auto-setup
     - Improved update process
     - Full multi-profile support
     - Automatic configuration of OSSIM components
     - HTTPS enabled by default
     - Software upgraded
     - Packet capture improved (PF_RING 1.0 in 32-bit and 64-bit versions)

  5. New Installer: Upgraded Software
     - Linux kernel 2.6.31: support for the newest devices
     - MySQL 5.1: greater performance and partitioning support
     - PF_RING 4.0: PF_RING can be used with vanilla kernels (no kernel patch required)
     - OSSEC 2.3.1: real-time file integrity monitoring on Windows systems; support for monitoring command output (process monitoring)
     - OpenVAS 3.0: WMI client support; new internal module architecture

  6. Enhanced Usability
     Easy access to a broad range of information about any host or network:
     - Asset Report
     - Alarms
     - SIEM
     - Logger
     - Ticketing system
     - Knowledge DB
     - Vulnerabilities
     - Network Monitor
     - Availability Monitor
     Right-click on any IP address or network to see the contextual menu.

  7. Enhanced Usability
     Ease of use
     - Analysis/monitoring, reporting and configuration have been separated into different tabs.
     - Advanced options and complex configurations have been separated from simple configuration options.
     Help
     - Each panel has its own link to the documentation/help.

  8. Enhanced Usability
     User templates
     - Simplifies permission assignment to users in OSSIM.
     Floating windows
     - New floating windows are now used to help navigation within the web interface.

  9. New Vulnerability Management Interface
     - Scheduled scans
     - Scanning profiles
     - Scan summary
     - Threats database
     - Predefined scanning profiles
     - Reporting in HTML, PDF and XLS
     - Monitor scan status in real time
     - Vulnerability scanner web configuration

  10. New Vulnerability Management Interface
      - Monitor scan status in real time
      - Schedule scans

  11. New Vulnerability Management Interface
      Vulnerability scanner reports (Excel, PDF, HTML)

  12. ISO & PCI Compliance
      Automated PCI DSS and ISO 27001 compliance reporting, including:
      - Threat overview
      - Real business impact risks
      - C.I.A. potential impact
      - PCI DSS
      - Trends
      - ISO 27002 potential impact
      - ISO 27001
      - Directives mapped to compliance control objectives

  13. Unified Report Manager
      - Report management system built on JasperServer
      - Reports in PDF, RTF and HTML format
      - Reports can be sent via e-mail from the web interface
      - Time frame selection when generating reports

  14. Unified Report Manager
      Access all reports from a single centralized location.
      Available reports:
      - Asset Report
      - SIEM Events
      - Logger
      - Alarms
      - Business & Compliance (ISO, PCI)
      - Metrics Report
      - Geographic Report
      - User activity

  15. Unified Report Manager
      - Content selection for each report
      - Customizable reports

  16. Asset Management, Search and Reporting
      Asset Search
      - Find all assets matching certain criteria
      - Date frame selection
      - Save predefined searches
      - Advanced searches
      - Auto-completion

  17. Asset Management, Search and Reporting
      Advanced Asset Search
      - Use logical operators to combine search criteria
      - Predefined search criteria
      - Advanced searches
      - Multiple options in each criterion
      - Auto-completion

  18. Asset Management, Search and Reporting
      Asset Report
      - Shows all the information regarding a host or network that can be found in OSSIM

  19. SIEM Forensic Console Enhancements
      SIEM forensic database redesigned
      - Faster analysis
      - Storage capacity increased
      Search engine optimized
      - Logical search (using AND and OR operators)
      - Export query results in PDF format
      New filters
      - Filter by country
      - Filter by local networks
      - Time frame selection using a calendar
      - Extended information using event references

  20. SIEM Forensic Console Enhancements
      - Search using AND and OR (IP and signature)
      - Export query results in PDF format

  21. SIEM Forensic Console Enhancements
      - Event geo-localization statistics
      - Time frame selection

  22. Full PCI Wireless Security Compliance
      Implements the controls required for full wireless PCI compliance.
      Reporting system and wireless IDS (Kismet)
      Reports:
      - Networks
      - Cloaked networks having uncloaked APs
      - Encrypted networks having unencrypted APs
      - Networks using weak encryption
      - Suspicious clients

  23. Netflow Analysis
      Netflow monitoring and management
      - Integration of Nfdump and Nfsen
      - Netflow collection from network devices
      - Fprobe auto-configured to collect flows in the OSSIM collectors

  24. Netflow Analysis
      - Easy configuration interface
      - Complex Netflow analysis and plugin support

  25. New Data Sources
      - Cisco SDEE: application-level communications protocol used to exchange events with Cisco devices
      - Snort Unified2: Snort 3.0 and the Suricata engine supported
      - WMI agentless collection: Windows Management Instrumentation
      - New supported devices and applications: Astaro, Vyatta, SiteProtector, TippingPoint, Juniper VPN, RedBack, Netscreen IDP, Kismet, LucentBrick, ...

  26. New Menu Organization
      - Dashboards: high-level information (charts, graphs and risk maps)
      - Incidents: medium-level information (alarms, ticketing system and knowledge DB)
      - Analysis: low-level information (SIEM events/data mining, Logger and vulnerabilities)
      - Reports: Report Manager
      - Assets: inventory, asset search and OSSIM components

  27. New Menu Organization
      - Intelligence: policy, actions, correlation rules and compliance mapping
      - Monitors: real-time information (network, usage and availability)
      - Configuration: users, collection configuration and database upgrades
      - Tools: backup, tools download and network discovery system

  28. Multiclient
      - Multi-company/department management capabilities
      - Multi-hierarchical deployments
      Only available when using AlienVault Professional SIEM.

  29. Logger
      - New graphs and statistics
      - Reports on the information stored in the Logger
      - Logical operators in Logger search
      - Fastest access to the information stored in the Logger
      Only available when using AlienVault Professional SIEM.

  30. Logger
      - Select the time frame easily by clicking on graphs or using a calendar
      - Digitally signed logs can be exported to be verified using an external application
      - Improved search syntax
      Only in AlienVault Professional SIEM.

  31. Higher Performance and Increased Storage
      - Database redesigned to increase performance and storage capacity
      - Improved multithread support in the OSSIM Server
      - Multi-insertion to reduce database queries
      - Faster processing of events
      Only available when using AlienVault Professional SIEM.

  32. Upcoming Work

  33. Upcoming Work
      - NAC (Network Access Control)
      - Asset auto-discovery
      - HIDS management console
      - Collectors management console
      - New correlation capabilities
      - DLP (Data Loss Prevention)
      - Improved Nagios integration