ossim components

Report

Post on 12-Nov-2014

76 Views

Category:

Documents

14 Downloads

Preview:

Click to see full reader

TRANSCRIPT

OSSIM Components Overview

OSSIM Functional Components

Server – The core of the SIEM

Framework – Connects everything together

Sensor – Collects Information

Database – Storage for other components

Logger (Commercial Only) – Complete log storage

Server

Server is the central component of OSSIM, and performs the key SIEM functions:

Event CorrelationRisk Assessment And PrioritizationInventory and Identity ManagementAlarms and SchedulingPolicy ManagementReputation Engine

Framework

Framework manages OSSIM components and connects them together.

Provides the Web User InterfaceManages OSSIM component configurations and communication.

Database

Handles storage for Inventory data, configuration and SIEM events.

SIEM Event StorageAsset StorageContinuous Data (netflow, etc) storageRun-time OSSIM Configurations

Sensor (+Agents)

The Information-Gathering component of OSSIM. Agents collect logs and events from external devices and OSSIM monitoring components, using Plugins for each type of information they will collect

Log Collection Fetch and Receive

Network Monitoring Network Traffic MonitoringNetwork Intrusion DetectionAsset DetectionHost Intrusion DetectionWireless Intrusion Detection

Logger [Commercial Only]

The Server stores log events that are of interest to security analysis, filtering out only the log events that are significant. The Logger additionally stores the log in raw format for forensic and compliance purposes. and archival searches.

Indexed for Full-Text searches

Cryptographically Signed log messages

Additionally accessible as raw text.

Designed for long-term storage

Open Source Software in the OSSIM Architecture

Within each of the components of OSSIM, lie a selection of open-source security software.

Some are part of the core Framework, others reside on the Sensors which may be distributed over the network to provide visibility.

Server/Framework:• Nagios• OCSInventory• NFSen• Ntop (interface)

Sensor• Snort • Nfcap/Fprobe • P0f • Pads• Arpwatch• Ntop• Nmap• OpenVAS• OSSEC• Kismet

top related

proposal of 3d gis for spatial data visualization …3d...
Documents
company profile ossim
Documents
collecting windows logs using snare · and forwards the...
Documents
instalacion de ossim siem
Documents
magic quadrant for security information and event...
Documents
acsa - ossim
Documents
how can ossim help you with your pci dss wireless ... ·...
Documents
ossim desc en
Documents
advanced attack detection using ossim
Documents
presentación de powerpoint - caivirtual.policia.gov.co ·...
Documents
instalacion ossim
Documents
lecture ossim
Technology
análisis de la plataforma ossim - riunet repositorio upv
Documents
ossim-school of security and intelligence management
Business
best practices for configuring your ossim installation
Technology
ossim whitepaper overview
Documents
ossim application
Documents
oil smart simplex control panel ossim-30. catalog... ·...
Documents
mise en oeuvre d'un prototype d'architecture ossim ·...
Documents
unclassified ossim overview -...
Documents