How to Setup an AlienVault OSSIM System


This lesson covers:

  1. The glossary:
    1. Server: allows a analyst to log on so they can view events and alarms
    2. Sensor: able to perform many tasks such as vulnerability scanning.
    3. Logger: the storage component of Alien Vault
    4. All-in-one solution: This combines the three components of the OSSIM which are the server, sensor and logger.
    5. Raw logs: The unnormalized logs of the AlienVault to create events.
    6. Events
    7. Alarms: prompt an analyst to take action if a trend is detected.
    8. Data source/Plugin: a log parser tied to specific devices such as a Palo Alto Firewall.
    9. Syslog: a standardized protocol to send log and data information.
  2. OSSIM’s open source components:
    1. PRADS: passive asset discovery
    2. NMAP: active asset discovery
    3. OpenVAS: vulnerability scanner
    4. Suricata: NIDS
    5. Nagios: network monitoring
    6. OSSEC:  HIDS
  3. Deployment architecture: Consists of the two options.
    1. Single Sensor: good for low traffic needs. Some environments, such as a lab set up only need a single sensor.
    2. Multiple sensor: better for high traffic needs
  4. Single vs multi sensor deployments: multi sensor systems provide more flexibility during the deployment preparation process.
  5. Lab overview: in this section of the course, participants will receive step by step instructions in the installation and configuration of:
    1. OSSIM Sensor
    2. OSSIM Server
    3. Linux Web Server
    4. Kali Machine

As this course assumes no prior knowledge, participants should be able to follow along without any comprehension issues as the instructor breaks down the process and offers basic, from the ground up step by step instructions. Upon completion of this course, participants will have a fully functional Alien Vault OSSIM set up. This will offer a great environment to learn other skills such as penetration testing or writing IDS rules.

Recommended Study Material
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google PlayGet it on the App Store
Practice Labs and Exam Vouchers

Congratulations! You're taking the first step to getting certified. Get some hands on experience with available practice labs OR save some money, support Cybrary, and purchase discounted exam vouchers. Ready to earn your next industry certification? Join cyber security's largest community and start learning today.


Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?