AlienVault, profile picture
Uploaded byAlienVault
PPTX, PDF3,433 views

Improve Threat Detection with OSSEC and AlienVault USM

AlienVault provides mid-sized businesses with unified security products, intelligence, and community resources for modern threat defense. The document details AlienVault's capabilities, including OSSEC features like log analysis and vulnerability assessment, along with an overview of the USM architecture and integrated tools. It also offers insights into event correlation and management through a comprehensive GUI for effective security monitoring.

Related topics:
Threat Detection

Embed presentation

Downloaded 113 times
About AlienVault AlienVault has unified the security products, intelligence and community essential for mid-sized businesses to defend against today’s modern threats
Agenda OSSEC capabilities AlienVault USM capabilities Demo – See it in action • Remote OSSEC agent deployment, configuration and management • Behavioral monitoring of servers and workstations • Logging and reporting for PCI compliance • Data correlation with IP reputation data, vulnerability scans and more • Correlating OSSEC events to detect attacks
OSSEC & AlienVault USM Learning the Basics…
OSSEC capabilities Log analysis based intrusion detection File integrity checking Registry keys integrity checking (Windows) Signature based malware/rootkits detection Real-time alerting and active response
OSSEC Architecture Agent components: Logcollectord: Read logs (syslog, WMI, flat files) Syscheckd: File integrity checking Rootcheckd: Malware and rootkits detection Agentd: Forwards data to the server Server components: Remoted: Receives data from agents Analysisd: Processes data (main process) Monitord: Monitor agents
ASSET DISCOVERY • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory VULNERABILITY ASSESSMENT • Continuous Vulnerability Monitoring • Authenticated / Unauthenticated Active Scanning BEHAVIORAL MONITORING • Log Collection • Netflow Analysis • Service Availability Monitoring SECURITY INTELLIGENCE/SIEM • SIEM Event Correlation • Incident Response THREAT DETECTION • Network IDS • Host IDS • File Integrity Monitoring USM Platform Integrated, Essential Security Controls
AlienVault USM Architecture Embedded tools: Asset discovery: Nmap, Prads Behavioral monitoring: Netflow, Ntop, Nagios Threat detection: Snort, Suricata, OSSEC Vulnerability assessment: OpenVas External collectors: Syslog WMI SDEE
AlienVault Event Correlation AlienVault USM correlates events from multiple sources, crossing OSSEC alerts with information collected from embedded detectors and external sources.
OSSEC Management Interface • Status monitor • Events viewer • Agents control manager • Configuration manager • Rules viewer/editor • Logs viewer • Server control manager • Deployment manager • Rules viewer/editor AlienVault USM provides a comprehensive GUI for OSSEC alerts management:
Let’s See It In Action
888.613.6023 ALIENVAULT.COM CONTACT US HELLO@ALIENVAULT.COM Test Drive AlienVault USM Download a Free 30-Day Trial http://www.alienvault.com/free-trial Try our Interactive Demo Site http://www.alienvault.com/live-demo-site Now for some Q&A.. Questions? Hello@AlienVault.com Twitter : @alienvault

More Related Content

PPTX
LDAP
byChandanapriya Sathavalli
 
PPTX
How to Detect SQL Injections & XSS Attacks with AlienVault USM
byAlienVault
 
PPT
Windowsforensics
bySantosh Khadsare
 
PDF
Not a Security Boundary
byWill Schroeder
 
PDF
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
byMauricio Velazco
 
PDF
QRadar Architecture.pdf
byPencilData
 
PPTX
Linux privilege escalation
bySongchaiDuangpan
 
PPTX
Hot potato Privilege Escalation
bySunny Neo
 
LDAP
byChandanapriya Sathavalli
 
How to Detect SQL Injections & XSS Attacks with AlienVault USM
byAlienVault
 
Windowsforensics
bySantosh Khadsare
 
Not a Security Boundary
byWill Schroeder
 
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
byMauricio Velazco
 
QRadar Architecture.pdf
byPencilData
 
Linux privilege escalation
bySongchaiDuangpan
 
Hot potato Privilege Escalation
bySunny Neo
 

What's hot

PDF
Modern Malware and Threats
byMarketingArrowECS_CZ
 
PDF
MindMap - Forensics Windows Registry Cheat Sheet
byJuan F. Padilla
 
PPTX
Check Mates Maestro under the hood 2022.pptx
byDzung Dang Chi
 
PDF
Hunting Lateral Movement in Windows Infrastructure
bySergey Soldatov
 
PPT
Introduction To SELinux
byRene Cunningham
 
ODP
Linux Kernel Crashdump
byMarian Marinov
 
PDF
Hunting for Credentials Dumping in Windows Environment
byTeymur Kheirkhabarov
 
PPTX
Threat Hunting with Splunk
bySplunk
 
PPTX
How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....
byDenis Gundarev
 
PDF
Self Healing Capabilities of Domino 10
byKim Greene Consulting, Inc.
 
PPTX
Detecting modern PowerShell attacks with SIEM
byJustin Henderson
 
PPTX
Memory forensics
bySunil Kumar
 
PDF
SANS Forensics 2009 - Memory Forensics and Registry Analysis
bymooyix
 
PPSX
4 Operations Security
byAlfred Ouyang
 
PDF
ACL on Linux - Part 1
byGLC Networks
 
PPTX
Access control list acl - permissions in linux
bySreenatha Reddy K R
 
PDF
Windows attacks - AT is the new black
byChris Gates
 
PDF
Windows internals Essentials
byJohn Ombagi
 
PDF
(ISC)² Certified in Cybersecurity (CC).pdf
byibrahim naaif
 
PDF
Alphorm.com Formation Techniques de Blue Teaming : L'Essentiel pour l'Analyst...
byAlphorm
 
Modern Malware and Threats
byMarketingArrowECS_CZ
 
MindMap - Forensics Windows Registry Cheat Sheet
byJuan F. Padilla
 
Check Mates Maestro under the hood 2022.pptx
byDzung Dang Chi
 
Hunting Lateral Movement in Windows Infrastructure
bySergey Soldatov
 
Introduction To SELinux
byRene Cunningham
 
Linux Kernel Crashdump
byMarian Marinov
 
Hunting for Credentials Dumping in Windows Environment
byTeymur Kheirkhabarov
 
Threat Hunting with Splunk
bySplunk
 
How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....
byDenis Gundarev
 
Self Healing Capabilities of Domino 10
byKim Greene Consulting, Inc.
 
Detecting modern PowerShell attacks with SIEM
byJustin Henderson
 
Memory forensics
bySunil Kumar
 
SANS Forensics 2009 - Memory Forensics and Registry Analysis
bymooyix
 
4 Operations Security
byAlfred Ouyang
 
ACL on Linux - Part 1
byGLC Networks
 
Access control list acl - permissions in linux
bySreenatha Reddy K R
 
Windows attacks - AT is the new black
byChris Gates
 
Windows internals Essentials
byJohn Ombagi
 
(ISC)² Certified in Cybersecurity (CC).pdf
byibrahim naaif
 
Alphorm.com Formation Techniques de Blue Teaming : L'Essentiel pour l'Analyst...
byAlphorm
 

Similar to Improve Threat Detection with OSSEC and AlienVault USM

PPTX
Advanced OSSEC Training: Integration Strategies for Open Source Security
byAlienVault
 
PPTX
How to Detect a Cryptolocker Infection with AlienVault USM
byAlienVault
 
PPTX
Improve Situational Awareness for Federal Government with AlienVault USM
byAlienVault
 
PPTX
Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done
byAlienVault
 
PPTX
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
byAlienVault
 
PDF
Incident Response Whitepaper - AlienVault
byJermund Ottermo
 
PPTX
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
byAlienVault
 
PPTX
Improve threat detection with hids and alien vault usm
byAlienVault
 
PPTX
How Malware Works
byAlienVault
 
PPTX
Alienvault threat alerts in spiceworks
byAlienVault
 
PPTX
Spice world 2014 hacker smackdown
byAlienVault
 
PDF
USM appliance datasheet 2024 latest 070324
byMuhammadAmirulSyazwa2
 
PPTX
How to Solve Your Top IT Security Reporting Challenges with AlienVault
byAlienVault
 
PPTX
Best Practices for Configuring Your OSSIM Installation
byAlienVault
 
PPTX
Security Operations Center (SOC) Essentials for the SME
byAlienVault
 
PPTX
How to Investigate Threat Alerts in Spiceworks!
byAlienVault
 
PPTX
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
byAlienVault
 
PPTX
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
byAlienVault
 
PPTX
SpiceWorks Webinar: Whose logs, what logs, why logs
byAlienVault
 
PPTX
The Lazy Attacker: Defending Against Broad-based Cyber Attacks
byAlienVault
 
Advanced OSSEC Training: Integration Strategies for Open Source Security
byAlienVault
 
How to Detect a Cryptolocker Infection with AlienVault USM
byAlienVault
 
Improve Situational Awareness for Federal Government with AlienVault USM
byAlienVault
 
Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done
byAlienVault
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
byAlienVault
 
Incident Response Whitepaper - AlienVault
byJermund Ottermo
 
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
byAlienVault
 
Improve threat detection with hids and alien vault usm
byAlienVault
 
How Malware Works
byAlienVault
 
Alienvault threat alerts in spiceworks
byAlienVault
 
Spice world 2014 hacker smackdown
byAlienVault
 
USM appliance datasheet 2024 latest 070324
byMuhammadAmirulSyazwa2
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
byAlienVault
 
Best Practices for Configuring Your OSSIM Installation
byAlienVault
 
Security Operations Center (SOC) Essentials for the SME
byAlienVault
 
How to Investigate Threat Alerts in Spiceworks!
byAlienVault
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
byAlienVault
 
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
byAlienVault
 
SpiceWorks Webinar: Whose logs, what logs, why logs
byAlienVault
 
The Lazy Attacker: Defending Against Broad-based Cyber Attacks
byAlienVault
 

More from AlienVault

PDF
Malware Invaders - Is Your OS at Risk?
byAlienVault
 
PPTX
Simplify PCI DSS Compliance with AlienVault USM
byAlienVault
 
PDF
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
byAlienVault
 
PDF
Insider Threat Detection Recommendations
byAlienVault
 
PDF
Open Source IDS Tools: A Beginner's Guide
byAlienVault
 
PPTX
Malware detection how to spot infections early with alien vault usm
byAlienVault
 
PDF
Security operations center 5 security controls
byAlienVault
 
PDF
PCI DSS Implementation: A Five Step Guide
byAlienVault
 
PDF
The State of Incident Response - INFOGRAPHIC
byAlienVault
 
PPTX
Incident response live demo slides final
byAlienVault
 
PPTX
Improve Security Visibility with AlienVault USM Correlation Directives
byAlienVault
 
PPTX
AWS Security Best Practices for Effective Threat Detection & Response
byAlienVault
 
PPTX
IDS for Security Analysts: How to Get Actionable Insights from your IDS
byAlienVault
 
PDF
Alien vault sans cyber threat intelligence
byAlienVault
 
PPTX
Security by Collaboration: Rethinking Red Teams versus Blue Teams
byAlienVault
 
PPTX
Prepare to Be Breached: How to Adapt your Security Controls to the “New Normal”
byAlienVault
 
PPTX
How to Detect System Compromise & Data Exfiltration with AlienVault USM
byAlienVault
 
PPTX
Demo how to detect ransomware with alien vault usm_gg
byAlienVault
 
PPTX
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
byAlienVault
 
Malware Invaders - Is Your OS at Risk?
byAlienVault
 
Simplify PCI DSS Compliance with AlienVault USM
byAlienVault
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
byAlienVault
 
Insider Threat Detection Recommendations
byAlienVault
 
Open Source IDS Tools: A Beginner's Guide
byAlienVault
 
Malware detection how to spot infections early with alien vault usm
byAlienVault
 
Security operations center 5 security controls
byAlienVault
 
PCI DSS Implementation: A Five Step Guide
byAlienVault
 
The State of Incident Response - INFOGRAPHIC
byAlienVault
 
Incident response live demo slides final
byAlienVault
 
Improve Security Visibility with AlienVault USM Correlation Directives
byAlienVault
 
AWS Security Best Practices for Effective Threat Detection & Response
byAlienVault
 
IDS for Security Analysts: How to Get Actionable Insights from your IDS
byAlienVault
 
Alien vault sans cyber threat intelligence
byAlienVault
 
Security by Collaboration: Rethinking Red Teams versus Blue Teams
byAlienVault
 
Prepare to Be Breached: How to Adapt your Security Controls to the “New Normal”
byAlienVault
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
byAlienVault
 
Demo how to detect ransomware with alien vault usm_gg
byAlienVault
 
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
byAlienVault
 

Improve Threat Detection with OSSEC and AlienVault USM

  • 2.
    About AlienVault AlienVault hasunified the security products, intelligence and community essential for mid-sized businesses to defend against today’s modern threats
  • 3.
    Agenda OSSEC capabilities AlienVault USMcapabilities Demo – See it in action • Remote OSSEC agent deployment, configuration and management • Behavioral monitoring of servers and workstations • Logging and reporting for PCI compliance • Data correlation with IP reputation data, vulnerability scans and more • Correlating OSSEC events to detect attacks
  • 4.
    OSSEC & AlienVaultUSM Learning the Basics…
  • 5.
    OSSEC capabilities Log analysisbased intrusion detection File integrity checking Registry keys integrity checking (Windows) Signature based malware/rootkits detection Real-time alerting and active response
  • 6.
    OSSEC Architecture Agent components: Logcollectord:Read logs (syslog, WMI, flat files) Syscheckd: File integrity checking Rootcheckd: Malware and rootkits detection Agentd: Forwards data to the server Server components: Remoted: Receives data from agents Analysisd: Processes data (main process) Monitord: Monitor agents
  • 7.
    ASSET DISCOVERY • ActiveNetwork Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory VULNERABILITY ASSESSMENT • Continuous Vulnerability Monitoring • Authenticated / Unauthenticated Active Scanning BEHAVIORAL MONITORING • Log Collection • Netflow Analysis • Service Availability Monitoring SECURITY INTELLIGENCE/SIEM • SIEM Event Correlation • Incident Response THREAT DETECTION • Network IDS • Host IDS • File Integrity Monitoring USM Platform Integrated, Essential Security Controls
  • 8.
    AlienVault USM Architecture Embeddedtools: Asset discovery: Nmap, Prads Behavioral monitoring: Netflow, Ntop, Nagios Threat detection: Snort, Suricata, OSSEC Vulnerability assessment: OpenVas External collectors: Syslog WMI SDEE
  • 9.
    AlienVault Event Correlation AlienVaultUSM correlates events from multiple sources, crossing OSSEC alerts with information collected from embedded detectors and external sources.
  • 10.
    OSSEC Management Interface •Status monitor • Events viewer • Agents control manager • Configuration manager • Rules viewer/editor • Logs viewer • Server control manager • Deployment manager • Rules viewer/editor AlienVault USM provides a comprehensive GUI for OSSEC alerts management:
  • 11.
    Let’s See ItIn Action
  • 12.
    888.613.6023 ALIENVAULT.COM CONTACT US HELLO@ALIENVAULT.COM Test DriveAlienVault USM Download a Free 30-Day Trial http://www.alienvault.com/free-trial Try our Interactive Demo Site http://www.alienvault.com/live-demo-site Now for some Q&A.. Questions? Hello@AlienVault.com Twitter : @alienvault