One of the things that in the past I’ve had problems with (especially with Virtual Machines) has been changing the network settings in OSSIM. In version 3.0, my testing so far has done me well. You don’t even have to do any command line fu.
In OSSIM v3, it’s not immediately obvious how to create custom rules/policies if you want to trigger an alert or action based on certain IDS (e.g. OSSIM plugin) criteria. So let’s learn how to create a custom rule! We’ll run through an example of creating a policy to trigger an alert associated with 3 plugins…
Learn how to fix your OpenVAS scans in OSSIM 2.3.1
So I was doing my post-Defcon reading and Anton Chuvakin wrote a blog post about the recent 2010 Verizon Data Breach Report (in conjunction with the Secret Service). What jumped right out at me was the low number of people who check their logs. Specifically:
I was doing a lab with my class, and the goal was to have them end up with a fully functioning OSSIM environment. One of the random issues we ran into was that many of the network graphs were not functioning correctly.
If you tried my PHP memory fix for OSSIM, I recommended 256MB. Turns out I was then trying to generate a report with 80K+ events, and had to increase to 512MB to get it to work. Original post here.