Alienvault

Discussion in 'What Virtual Appliances do you want to see?' started by typo3usa, Oct 2, 2010.

  1. typo3usa

    typo3usa Member

    Joined:
    Sep 1, 2008
    Messages:
    214
    Likes Received:
    0
    AlienVault Open Source SIEM (OSSIM) is a complete Security Management solution that detects and profiles attacks, and provides a comprehensive, intelligent Security Management platform and toolset.

    The entire solution is composed of open source distributions including all seamlessly integrated tools, and the security management platform. The OSSIM project was created and is currently coordinated by the founders of AlienVault.

    This is a great application - works with tons of other systems such as Snort and pfSense and others to make sense of your security on the network.

    We have it running - and love it - however thinking it might help the community @ large.
     
  2. sdinet

    sdinet Member

    Joined:
    Feb 24, 2016
    Messages:
    69
    Likes Received:
    0
    yes this
     
  3. SwampRabbit

    SwampRabbit New Member

    Joined:
    Dec 4, 2015
    Messages:
    18
    Likes Received:
    1
    I second the request for OSSIM.

    Have had nothing but problems recently with the ISO from AlienVault, usually some kernel panic, or other nonsense during install.
     
  4. sdinet

    sdinet Member

    Joined:
    Feb 24, 2016
    Messages:
    69
    Likes Received:
    0
    I think Proxmox does a good job of managing its own logs. However I think the logs are copied between all nodes, so 4 nodes = 4x the log files. Also, there is an implicit trust relationship between all nodes, meaning that a credentialed user on one node could destroy the logs on all nodes.
     
  5. SwampRabbit

    SwampRabbit New Member

    Joined:
    Dec 4, 2015
    Messages:
    18
    Likes Received:
    1
    sdinet,

    Not sure what that has to do with having an OSSIM Virtual Appliance for Proxmox.

    Having an OSSIM Virtual Appliance for Proxmox would make it very easy to install an OSSIM VM and then use OSSEC across all VMs in a cluster.
     
  6. sdinet

    sdinet Member

    Joined:
    Feb 24, 2016
    Messages:
    69
    Likes Received:
    0
    I meant that the OSSIM would be a standalone log repository, in addition to all its other features. Meaning that an agent would be deployed on each Proxmox node, in addition to all the VMs. Do you run an OSSIM in a VM?
     