Alienvault

AlienVault Open Source SIEM (OSSIM) is a complete Security Management solution that detects and profiles attacks, and provides a comprehensive, intelligent Security Management platform and toolset.

The entire solution is composed of open source distributions including all seamlessly integrated tools, and the security management platform. The OSSIM project was created and is currently coordinated by the founders of AlienVault.

This is a great application - works with tons of other systems such as Snort and pfSense and others to make sense of your security on the network.

We have it running and love it; however, we are thinking it might help the community at large.
 

SwampRabbit

I second the request for OSSIM.

Have had nothing but problems recently with the ISO from AlienVault, usually some kernel panic, or other nonsense during install.
 

sdinet

I think Proxmox does a good job of managing its own logs. However, I think the logs are copied between all nodes, so 4 nodes = 4x the log files. Also, there is an implicit trust relationship between all nodes, meaning that a credentialed user on one node could destroy the logs on all nodes.
 

SwampRabbit

sdinet,

Not sure what that has to do with having an OSSIM Virtual Appliance for Proxmox.

Having an OSSIM Virtual Appliance for Proxmox would make it very easy to install an OSSIM VM and then use OSSEC across all VMs in a cluster.
 

sdinet

I meant that the OSSIM would be a standalone log repository, in addition to all its other features. Meaning that an agent would be deployed on each Proxmox node, in addition to all the VMs. Do you run an OSSIM in a VM?
 
