November 7th, 2011
One of the things that in the past I’ve had problems with (especially with Virtual Machines) has been changing the network settings in OSSIM. In version 3.0, my testing so far has done me well. You don’t even have to do any command line fu.
Simply go to these 3 files and update them to…
November 7th, 2011
In OSSIM v3, it’s not immediately obvious how to create custom rules/policies if you want to trigger an alert or action based on certain IDS (e.g. OSSIM plugin) criteria. So let’s learn how to create a custom rule! We’ll run through an example of creating a policy to trigger an alert associated with 3 plugins…
August 12th, 2010
Learn how to fix your OpenVAS scans in OSSIM 2.3.1.
August 5th, 2010
So I was doing my post-Defcon reading and Anton Chuvakin wrote a blog post about the recent 2010 Verizon Data Breach Report (in conjunction with the Secret Service). What jumped right out at me was the low number of people who check their logs. Specifically:
“We’ve observed companies that were hell-bent on…
June 4th, 2010
I was doing a lab with my class and the goal is to have them end up with a fully functioning OSSIM environment. One of the random issues we ran into was that many of the network graphs were not functioning correctly.
Well, if you go to the configuration of your graphs, you may notice…
February 19th, 2010
If you tried my PHP memory fix for OSSIM, I recommended 256MB. Turns out I was then trying to generate a report with 80K+ events, and had to increase to 512MB to get it to work. Original post here.
February 17th, 2010
So once we got our OSSIM stood up (we had 2 NICs on the appliance), we were able to see the SPAN port which included all internal VLANs. But I wanted to be able to see what was hitting us from the outside also. Since we couldn’t add another VLAN to the SPAN port with…