One of the things that in the past I’ve had problems with (especially with Virtual Machines) has been changing the network settings in OSSIM. In version 3.0, my testing so far has done me well. You don’t even have to do any command line fu.
In OSSIM v3, it’s not immediately obvious how to create custom rules/policies if you want to trigger an alert or action based on certain IDS (e.g. OSSIM plugin) criteria. So let’s learn how to create a custom rule! We’ll run through an example of creating a policy to trigger an alert associated with 3 plugins…