1 hour 18 minutes

Video Description

This lesson covers:

  1. The glossary:
    1. Server: the component an analyst logs on to in order to view events and alarms.
    2. Sensor: the collection component; it receives logs and can perform many other tasks, such as vulnerability scanning.
    3. Logger: the storage component of AlienVault.
    4. All-in-one solution: combines the three OSSIM components (server, sensor and logger) on a single system.
    5. Raw logs: the unnormalized log messages that AlienVault parses to create events.
    6. Events: the normalized records created from raw logs.
    7. Alarms: prompt an analyst to take action when a trend is detected across events.
    8. Data source/Plugin: a log parser tied to a specific device type, such as a Palo Alto firewall.
    9. Syslog: a standardized protocol for sending log messages to a collector.
    10. OSSIM's open source components:
      1. PRADS: passive asset discovery
      2. NMAP: active asset discovery
      3. OpenVAS: vulnerability scanner
      4. Suricata: NIDS
      5. Nagios: network monitoring
  2. Deployment architecture, which consists of two options:
    1. Single sensor: good for low traffic needs; some environments, such as a lab setup, need only a single sensor.
    2. Multiple sensors: better for high traffic needs.
    3. Single vs. multi-sensor deployments: multi-sensor systems provide more flexibility during the deployment preparation process.
  3. Lab overview: in this section of the course, participants receive step-by-step instructions for installing and configuring:
    1. OSSIM Sensor
    2. OSSIM Server
    3. Linux Web Server
    4. Kali Machine

As this course assumes no prior knowledge, participants should be able to follow along without any comprehension issues: the instructor breaks down the process and offers basic, from-the-ground-up, step-by-step instructions. Upon completion of this course, participants will have a fully functional AlienVault OSSIM setup. This offers a great environment for learning other skills, such as penetration testing or writing IDS rules.

AlienVault OSSIM

This course will use AlienVault OSSIM to showcase a Security Information and Event Management (SIEM) system. A SIEM aggregates logs from all sources on a network, analyzes them through a correlation engine, and generates alarms on indicators of malicious activity.
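The glossary above (raw logs, plugins, events, alarms) and this description of a SIEM both describe the same pipeline: a collector receives raw syslog, a per-device plugin parses it into normalized events, and a correlation rule over those events raises an alarm. The following is an added example written for this page; it is not OSSIM's own code, plugin format or rule language. It shows the pipeline end to end in plain Python. The `PLUGINS` table, the `ssh_bruteforce` rule, its threshold and window, and the sample log lines are all assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog lines (RFC 3164 style). They were written for this
# example and are not captured from any real system or from the course lab.
SAMPLE_LOGS = [
    "<38>Mar 10 12:00:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "<38>Mar 10 12:00:03 web01 sshd[2212]: Failed password for root from 203.0.113.7 port 51023 ssh2",
    "<38>Mar 10 12:00:04 web01 sshd[2213]: Failed password for root from 203.0.113.7 port 51024 ssh2",
    "<38>Mar 10 12:00:09 web01 sshd[2214]: Accepted password for deploy from 198.51.100.5 port 40100 ssh2",
    "<38>Mar 10 12:00:10 web01 sshd[2215]: Failed password for root from 203.0.113.7 port 51025 ssh2",
    "<38>Mar 10 12:05:00 web01 sshd[2216]: Failed password for root from 203.0.113.7 port 51030 ssh2",
    "<78>Mar 10 12:00:11 web01 cron[900]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Syslog header: <PRI>TIMESTAMP HOST PROGRAM[PID]: MESSAGE
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# Hypothetical "plugins": one parser per program, each a list of
# (regex over the message text, event type it yields). Stands in for the
# device-specific parsers the glossary calls data sources/plugins.
PLUGINS = {
    "sshd": [
        (re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) "
                    r"from (?P<src_ip>\S+) port (?P<src_port>\d+)"), "ssh_login_failed"),
        (re.compile(r"^Accepted \S+ for (?P<user>\S+) "
                    r"from (?P<src_ip>\S+) port (?P<src_port>\d+)"), "ssh_login_ok"),
    ],
}


def normalize(raw, year=2024):
    """Turn one raw syslog line into a normalized event dict.

    Returns None when the line is not valid syslog or no plugin knows the
    program: a SIEM cannot correlate what it cannot parse.
    """
    m = SYSLOG_RE.match(raw)
    if not m:
        return None
    pri = int(m["pri"])
    event = {
        # RFC 3164 timestamps carry no year; one is supplied here (assumed).
        "ts": datetime.strptime(f"{year} {m['ts'].replace('  ', ' ')}", "%Y %b %d %H:%M:%S"),
        "facility": pri // 8,
        "severity": pri % 8,
        "host": m["host"],
        "program": m["prog"],
        "raw": raw,
    }
    for pattern, event_type in PLUGINS.get(m["prog"], []):
        pm = pattern.match(m["msg"])
        if pm:
            event["type"] = event_type
            event.update(pm.groupdict())
            return event
    return None


def correlate(events, threshold=3, window_s=60):
    """Hypothetical rule: alarm when one source IP fails SSH login `threshold`
    times against one host within a sliding window of `window_s` seconds."""
    alarms = []
    buckets = defaultdict(list)          # (host, src_ip) -> failure timestamps
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("type") != "ssh_login_failed":
            continue
        key = (ev["host"], ev["src_ip"])
        q = buckets[key]
        q.append(ev["ts"])
        # Evict failures that fell out of the window.
        while (q[-1] - q[0]).total_seconds() > window_s:
            q.pop(0)
        if len(q) >= threshold:
            alarms.append({
                "rule": "ssh_bruteforce",
                "host": ev["host"],
                "src_ip": ev["src_ip"],
                "count": len(q),
                "first": q[0],
                "last": q[-1],
            })
            q.clear()                    # one alarm per burst, not per event
    return alarms


def process(lines):
    """Full pipeline: raw logs -> normalized events -> alarms."""
    events = [e for e in (normalize(line) for line in lines) if e is not None]
    return events, correlate(events)


if __name__ == "__main__":
    events, alarms = process(SAMPLE_LOGS)
    print(f"{len(events)} events, {len(alarms)} alarms")
    for alarm in alarms:
        print(alarm)
```

On the constructed input the cron line is dropped because no plugin claims it, the three failures inside the first minute produce one alarm, and the two later failures from the same address do not, because they fall outside the sliding window. The window eviction and the `q.clear()` after an alarm are the two details that keep a real rule from firing once per event during a long brute-force run.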

Instructed By

Anthony Isherwood