3.9 Installing OSSIM


Time
6 hours 28 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Welcome back to the Cybrary course on building your InfoSec lab. I'm your host and instructor, Kevin Hernandes.
00:06
In our last lesson, we installed the free version of Splunk, one of the top SIEM players out there in the market.
00:14
In today's lesson, we'll go over OSSIM from AlienVault,
00:20
an AT&T company. It is also a tool that, at this level, is free of charge and can be used in your lab.
00:28
Now let's get started.
00:30
Let's go ahead and install this.
00:34
So creating a machine
00:37
just took
00:38
Muslim
00:41
Other, and there,
00:47
Linux.
00:48
Next
00:51
I'll assign two CPUs.
00:56
skid. Uh,
00:58
Four for RAM.
01:00
Give it 45 for storage, and everything else
01:04
you just say,
01:07
Make sure you pick the image disk. It's not loaded yet, so let's go ahead and load it.
01:15
Yes.
01:19
Now, OSSIM is basically the free version of AlienVault,
01:23
and we're only going to show the quick installation. If anything, when we actually look into OSSIM, we're going to look at the demo they have online for free and base our research on that.
01:36
The reason why I do this is because OSSIM in the demo already has a lot of logs in it, and therefore it's going to provide us a better view of what is needed in a real-time environment, so to speak.
01:51
Another reason we're only going to install this is, first of all, our storage is getting relatively small at this time.
01:59
Second,
02:00
OSSIM is the free variant of AlienVault, and AlienVault itself offers a free demo online.
02:06
Therefore, we can utilize the free demo in order to familiarize ourselves more with the products that are available out there. Now,
02:14
you won't be able to use the free demo indefinitely, and it's only the cloud version.
02:19
Therefore, it's more so you can familiarize yourself with how SIEMs work and, most likely, what will be provided to you, if you will, by this product for your enterprise.
02:29
So select the image
02:31
and hit Next.
02:34
Verify everything looks okay: four, two,
02:37
45. Let's let it finish.
02:40
And there it is. Um, let's go ahead and start the machine
02:46
and see how it goes.
02:47
There we go. You can start a system or a sensor. So that's the system itself.
02:57
Here we have the language selector;
03:00
choose English and hit Enter.
03:02
For some reason, the keyboard and mouse are not properly
03:08
going in there.
03:09
Okay,
03:12
United States,
03:14
and now it's detecting the hardware
03:16
and the CD,
03:23
and it's installing its components. Looks a lot simpler than QRadar, to be honest, so far.
03:42
The IP address is unique to your computer and may be four numbers separated by periods. If you don't know what to use, consult your network administrator. Okay,
03:52
so let's assign an IP address for this.
04:00
We'll see which IP the VM has been assigned.
04:02
You can see at this moment no IP address has been assigned.
04:05
Let's just give it a random one
04:09
and hope for the best.
04:13
That's correct.
04:15
Gateway IP is correct.
04:18
That's correct.
04:20
Let's see what happens here.
04:29
candy
04:34
After the network is configured, it will require you to put in some credentials.
04:41
Let's go ahead and put some credentials in
04:44
and continue.
04:46
Let's continue with the installation.
04:58
It's setting the time zone,
05:02
loading additional components, partitioning,
05:06
and formatting.
05:11
It's installing the system now.
05:15
I'm going to go ahead and pause the video for a second.
05:17
Now, we're about five
05:19
to eight minutes in
05:21
after we paused the video, and it's still in the process of installation.
05:27
Looks pretty much done, however
05:29
we're not sure of that. At about 29% it actually seems to have finished installing
05:36
OSSIM. You can see here the interface IP, so let's make sure we take a snippet of that,
05:50
copy it, and let's add it back to our sheet
05:58
with the name.
06:00
Let's see it.
06:04
Hey,
06:05
let's let you.
06:14
And there, you know, it says to access the web interface, go to that IP, right?
06:18
So let's go ahead.
06:20
Actually
06:26
exit this.
06:27
Let's go to that interface
06:29
one night to that once excited that one don't want to. Three.
06:33
So 192.168
06:36
Wonder wanted,
06:42
Let's give it a second.
06:45
Once you log in, you're going to get the traditional warning.
06:54
Let's give it a second for it to load. Once you get here, you'll start filling out information: Kevin, password,
07:13
email. I'm going to pause to fill out the other information.
07:18
Once you complete the information, it will send you to the admin page
07:42
and you're logged in.
07:45
So you're about to see "Let's configure critical security capabilities", a very minimal one. Network monitoring: configure network monitoring and monitor network traffic for threats. Discover assets: OSSIM will perform a discovery scan to detect assets, and then collect logs and monitor assets. Monitor assets: logs and alarms, suspicious activity. So let's go ahead. Let's start.
08:03
Let's see if it actually detects anything.
08:05
Okay, it didn't find the management interface,
08:09
so let's click Next,
08:13
and it found a host,
08:16
a Windows host.
08:18
Okay, so let's scan the network.
08:22
Well, let's scan there.
08:24
You sit
08:31
The management interface, until we configure
08:35
the device properly, this might not work. Let's hit Next.
08:41
Same for HIDS. Let's hit Next and skip it.
08:50
Skip this step,
08:52
and it asks if you want to join the Open Threat Exchange. Let's skip it.
08:58
Hit Finish.
09:01
Let's explore it now.
09:03
So you have a dashboard
09:09
with some information, right?
09:11
Now, authentication alerts, system,
09:13
and access. And this is a lot more info you're seeing now versus, you know,
09:20
what we saw from QRadar and Splunk by default.
09:24
Now, this is most likely information from the system itself, and we won't know until we actually get into the nitty-gritty of it. So let's just click on one. Let's see what happens.
09:48
Here we go.
09:50
You see here a couple of events: the risk, AlienVault session opened, session closed.
09:58
This is mostly
10:00
the device itself.
10:03
In real time we might be seeing a couple of events
10:07
room
10:09
You can see now: out of memory.
10:11
That's a system risk. And honestly, this is because we assigned it a very little amount of RAM,
10:16
so just be aware of that.
10:22
If we go to the assets, you have a Windows host,
10:26
and we have the AlienVault system.
10:31
You can see asset groups,
10:35
and the VLANs,
10:37
and network groups,
10:37
and scans.
10:43
It also creates reports on alarms.
10:48
This is the same for events, et cetera.
10:52
It's pretty easy,
10:54
pretty simple compared to other SIEMs.
11:01
You can actually look at different alarms right now.
11:05
We don't have any
11:07
security events.
11:09
Yeah,
11:11
session closed. So let's click into that and look further,
11:13
and here you can see that it came from the sensor, from this IP.
11:20
And it's an authentication event for a logout,
11:24
right? And it's a system log.
11:26
Here at the bottom, you have the actual payload of the event.
11:33
And this is really where the nitty-gritty gets into any SIEM: these types of events themselves. It's what you will be seeing, things such as regex, if you want to build custom data inputs into other applications.
11:50
And this is where we're going to leave OSSIM for now.
11:54
Once we get into
11:56
more of AlienVault itself, we'll look at the online demo and discuss the data in there.
12:03
So let's look back
12:05
at today's lesson. We basically installed OSSIM, a free tool for SIEM.
12:15
When comparing the complexity of installation between OSSIM,
12:18
Splunk and QRadar, OSSIM goes straight in the middle between QRadar
12:24
and Splunk's free version. It was not as complex as QRadar, but it also took a little bit longer and had a few more configuration items to configure when compared to Splunk.
12:35
In our next lesson, we'll actually go over and install Kali Linux, our pen testing and ethical hacking operating system, into our VMs.
12:46
Hope to see you soon. Have a great day.