Abstract image of a woman sitting on books and studying on a laptop

Best Practices for Configuring Your OSSIM Installation

Download as PPTX, PDF
AlienVault, profile picture
AlienVault

The document provides a comprehensive guide for deploying and configuring OSSIM with OSSEC agents, detailing the steps for adding agents, configuring settings, verifying operations, and conducting vulnerability assessments. It also compares OSSIM with USM, highlighting key differences in features such as correlation directives and reporting capabilities. The document includes links to resources, forums, and training opportunities for users seeking further assistance and information.

Technology
Related topics:
Security Best Practices
1 of 30
Downloaded 924 times
1
2
3
4
5
6
7
8
9
Most read
10
11
Most read
12
13
14
15
16
Most read
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Title
Introductions Mark Allen Technical Sales Engineer Garrett Gross Sr. Technical PMM
Resources for OSSIM Users AlienVault Forums: https://www.alienvault.com/forums/discussions/tagged/ossim LinkedIn Group: https://www.linkedin.com/groupInvitation?gid=3793 USM & OSSIM On-Demand Training Archives: https://www.alienvault.com/product-training AlienVault Blog – Analysis from the AlienVault Labs research team, practical tips to secure your environment & industry trends
Agenda How to deploy & configure OSSEC agents Best practices for configuring syslog and enabling plugins Scanning your network for assets and vulnerabilities
Lets get started!
Host IDS Configuration
OSSIM comes with OSSEC host-based IDS, which provides: • Log monitoring and collection • Rootkit detection • File integrity checking • Windows registry integrity checking • Active response OSSEC uses authenticated server/agent architecture. Host IDS OSSIM Sensor OSSEC Server Servers OSSEC Agent OSSIM Server UDP 1514 Normalized events
Deploying HIDS 1. Add an agent in OSSIM 2. Deploy HIDS agent to the target system. 3. Optionally change configuration file on the agent. 4. Verify HIDS operations.
Add an agent. Save agent. Specify name and IP address. Add Agent in OSSIM Required task for all operating systems Can also be added through the manage_agents script Environment > Detection > HIDS > Agents
Specify domain, username and password of the target system. Download preconfigured agent for Windows. Automatic deployment for Windows. Extract key. Deploy HIDS Agent to Target System Automated deployment for Windows machines Manual installation for other OS Key extraction is required for manual installation
Configuration file. Log file. Change Configuration File on Agent OSSEC configuration is controlled by a text file. Agent needs to be restarted after configuration changes. Log file is available for troubleshooting.
Agent status should be active. Verify HIDS Operations Displays overview of OSSEC events and agent information Environment > Detection > HIDS > Overview
OSSEC events. Verify HIDS Operations (Cont.) Verify if OSSEC events are displayed in the SIEM console. Utilize search filter to display only events from OSSEC data source. Analysis > Security Events (SIEM) > SIEM
Verify HIDS Operations (Cont.) Environment > Detection > HIDS > Agents > Agent Control Verify registry integrity. Verify presence of rootkits. Verify file integrity.
Syslog & Plugins
Syslog Forwarding Syslog configuration will vary based on source device/application but, usually, the necessary parameters are: • Destination IP • Source IP • Port (default is UDP 514)
Enabling Plugins Enable plugin at the asset level General > Plugins > Edit Plugins Green light under “Receiving Data” will confirm successful log collection
Vulnerability Assessment
Vulnerability Assessment Uses a built-in OpenVAS scanner Detects vulnerabilities in assets • Vulnerabilities are correlated with events‘ cross-correlation rules • Useful for compliance reports and auditing Managed from the central SIEM console: • Running and scheduling vulnerability scans • Examining reports • Updating vulnerability signatures
Advanced Options Vulnerability assessment can be: • Authenticated (SSH and SMB) • Unauthenticated Predefined profiles can be selected: • Non destructive full and slow scan • Non destructive full and fast scan • Full and fast scan including destructive tests Custom profiles can be created.
Vulnerability Assessment Config 1. (Optionally) tune global vulnerability assessment settings. 2. (Optionally) create a set of credentials. 3. (Optionally) create a scanning profile. 4. Create a vulnerability scan job. 5. Examine scanning results. 6. Optionally create a vulnerability or compliance report.
Update configuration. Select vulnerability ticket threshold. Tune Global Vulnerability Assessment Settings The vulnerability assessment system opens a ticket for found vulnerabilities. Start with a high threshold and fix important vulnerabilities first. Configuration > Administration > Main
Specify login username. Specify credential set name. Select authentication type. Click settings. Create Set of Credentials Used to log into a machine for authenticated scan Supports the DOMAIN/USER username Environment > Vulnerabilities > Overview
Examine 3 default profiles. Enable/disable plugin family. Create a new profle. Edit profiles. Create Scanning Profile Enable profiles that apply to assets you are scanning. Environment > Vulnerabilities > Overview
Create a new scan job. Import Nessus scan report. Select schedule method. Specify scan job name. Select profile. Select server. Select assets. Select credential set for authenticated scan. Save job. Create Vulnerability Scan Job Environment > Vulnerabilities > Scan Jobs
Examine vulnerability statistics. View vulnerability report for all assets. Examine reports for all scan jobs. Examine Vulnerabilities Results Environment > Vulnerabilities > Overview
OSSIM vs. USM
How is USM different? Correlation Directives: Over 2,000 built-in correlation directives developed by the AlienVault Labs Threat Research Team, and updated weekly Reporting: 150+ Customizable Reports, including compliance-specific reports Log Management: Robust Log Management, Log Search & Long-Term Log Retention Professional Support via phone & email as well as customer support portal And more…view comparison chart here: https://www.alienvault.com/products/compare-ossim-to-alienvault-usm “I started out with OSSIM and I didn’t fully realize how much value I would get out of USM until I started using it. The reporting is awesome, it’s been a big benefit for me. And, having a fully supported solution means I can get answers to my questions much more quickly than before.” – Matthew Frederickson, Director of Information Technology, Council Rock School District
USM + Free Installation Services http://www.alienvault.com/marketing/smb-bundles
888.613.6023 ALIENVAULT.COM CONTACT US HELLO@ALIENVAULT.COM Now for some Q&A Resources for OSSIM Users OSSIM vs. USM Comparison Chart https://www.alienvault.com/products/compare-ossim-to-alienvault-usm AlienVault Forum https://www.alienvault.com/forums/discussions/tagged/ossim LinkedIn Group https://www.linkedin.com/groupInvitation?gid=3793 Subscribe to the AlienVault Blog https://www.alienvault.com/blogs Hands-on 5-day Training Classes, in-person or “Live on-line” https://www.alienvault.com/support/classroom-training

More Related Content

PPTX
Splunk Overview
Splunk
 
PDF
Splunk-Presentation
PrasadThorat23
 
PPTX
Splunk Architecture
Kishore Chaganti
 
PPTX
Splunk Enterprise Security
Splunk
 
PPTX
OSSIM Overview
n|u - The Open Security Community
 
PPT
SOC presentation- Building a Security Operations Center
Michael Nickle
 
PDF
Software Bill of Materials - Accelerating Your Secure Embedded Development.pdf
ICS
 
PPTX
Azure Security Center- Zero to Hero
Kasun Rajapakse
 
Splunk Overview
Splunk
 
Splunk-Presentation
PrasadThorat23
 
Splunk Architecture
Kishore Chaganti
 
Splunk Enterprise Security
Splunk
 
OSSIM Overview
n|u - The Open Security Community
 
SOC presentation- Building a Security Operations Center
Michael Nickle
 
Software Bill of Materials - Accelerating Your Secure Embedded Development.pdf
ICS
 
Azure Security Center- Zero to Hero
Kasun Rajapakse
 

What's hot (20)

PPTX
Beginner's Guide to SIEM
AlienVault
 
PPTX
Splunk for IT Operations
Splunk
 
PPTX
Adopting A Zero-Trust Model. Google Did It, Can You?
Zscaler
 
PDF
Sécurité informatique - Etat des menaces
Maxime ALAY-EDDINE
 
PPTX
Using a secured, cloud-delivered SD-WAN to transform your business network
Netpluz Asia Pte Ltd
 
PDF
Microsoft Defender and Azure Sentinel
David J Rosenthal
 
PDF
SIEM Architecture
Nishanth Kumar Pathi
 
PPTX
Creating Correlation Rules in AlienVault
AlienVault
 
PPTX
Zero Trust Network Access
Er. Ajay Sirsat
 
PDF
Azure Security Overview
David J Rosenthal
 
PDF
Azure Monitoring Overview
gjuljo
 
PDF
Splunk
Simstream
 
PPT
Ch04 Network Vulnerabilities and Attacks
Information Technology
 
PPTX
network monitoring system ppt
ashutosh rai
 
PDF
Vulnerability and Patch Management
n|u - The Open Security Community
 
PDF
Network Access Control (NAC)
Forescout Technologies Inc
 
PPTX
Federated Cloud Computing
David Wallom
 
PPTX
Splunk overview
Daniel Hernandez
 
PPTX
Splunk for Enterprise Security and User Behavior Analytics
Splunk
 
PPTX
What the auditor need to know about cloud computing
Moshe Ferber
 
Beginner's Guide to SIEM
AlienVault
 
Splunk for IT Operations
Splunk
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Zscaler
 
Sécurité informatique - Etat des menaces
Maxime ALAY-EDDINE
 
Using a secured, cloud-delivered SD-WAN to transform your business network
Netpluz Asia Pte Ltd
 
Microsoft Defender and Azure Sentinel
David J Rosenthal
 
SIEM Architecture
Nishanth Kumar Pathi
 
Creating Correlation Rules in AlienVault
AlienVault
 
Zero Trust Network Access
Er. Ajay Sirsat
 
Azure Security Overview
David J Rosenthal
 
Azure Monitoring Overview
gjuljo
 
Splunk
Simstream
 
Ch04 Network Vulnerabilities and Attacks
Information Technology
 
network monitoring system ppt
ashutosh rai
 
Vulnerability and Patch Management
n|u - The Open Security Community
 
Network Access Control (NAC)
Forescout Technologies Inc
 
Federated Cloud Computing
David Wallom
 
Splunk overview
Daniel Hernandez
 
Splunk for Enterprise Security and User Behavior Analytics
Splunk
 
What the auditor need to know about cloud computing
Moshe Ferber
 
Ad

Similar to Best Practices for Configuring Your OSSIM Installation (20)

PDF
Creating a Single View Part 3: Securing Your Deployment
MongoDB
 
PPTX
Webinar: Creating a Single View: Securing Your Deployment
MongoDB
 
PDF
DevOps and CI/CD Security-Best-Practices
ghatakam
 
PPTX
SSecuring Your MongoDB Deployment
MongoDB
 
PPTX
Cloud Application Security: Lessons Learned
Jason Chan
 
PDF
4 florin coada - dast automation, more value for less work
Ievgenii Katsan
 
PDF
ISACA -Threat Hunting using Native Windows tools .pdf
Gurvinder Singh, CISSP, CISA, ITIL v3
 
PPTX
PCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
AlienVault
 
PPS
Security testing
Tabăra de Testare
 
PPTX
Cloud Application Security: Lessons Learned
Jason Chan
 
PPTX
Introduction to cyber security three .pptx
GUESH8
 
PDF
Security Operation Center : Le Centre des Opérations de Sécurité est une div...
Khaledboufnina
 
PPT
Securing the Cloud
John Kinsella
 
PPTX
Overcoming Security Challenges in DevOps
Alert Logic
 
PDF
DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1
Felipe Prado
 
PPTX
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte
 
PDF
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
MSAdvAnalytics
 
PDF
Azure Saturday: Security + DevOps + Azure = Awesomeness
Karl Ots
 
PDF
5 howtomitigate
richarddxd
 
PDF
Security Framework from SANS
Jeffrey Reed
 
Creating a Single View Part 3: Securing Your Deployment
MongoDB
 
Webinar: Creating a Single View: Securing Your Deployment
MongoDB
 
DevOps and CI/CD Security-Best-Practices
ghatakam
 
SSecuring Your MongoDB Deployment
MongoDB
 
Cloud Application Security: Lessons Learned
Jason Chan
 
4 florin coada - dast automation, more value for less work
Ievgenii Katsan
 
ISACA -Threat Hunting using Native Windows tools .pdf
Gurvinder Singh, CISSP, CISA, ITIL v3
 
PCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
AlienVault
 
Security testing
Tabăra de Testare
 
Cloud Application Security: Lessons Learned
Jason Chan
 
Introduction to cyber security three .pptx
GUESH8
 
Security Operation Center : Le Centre des Opérations de Sécurité est une div...
Khaledboufnina
 
Securing the Cloud
John Kinsella
 
Overcoming Security Challenges in DevOps
Alert Logic
 
DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1
Felipe Prado
 
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
MSAdvAnalytics
 
Azure Saturday: Security + DevOps + Azure = Awesomeness
Karl Ots
 
5 howtomitigate
richarddxd
 
Security Framework from SANS
Jeffrey Reed
 
Ad

More from AlienVault (20)

PPTX
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
AlienVault
 
PDF
Malware Invaders - Is Your OS at Risk?
AlienVault
 
PPTX
How to Solve Your Top IT Security Reporting Challenges with AlienVault
AlienVault
 
PPTX
Simplify PCI DSS Compliance with AlienVault USM
AlienVault
 
PDF
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
AlienVault
 
PDF
Insider Threat Detection Recommendations
AlienVault
 
PPTX
Alienvault threat alerts in spiceworks
AlienVault
 
PDF
Open Source IDS Tools: A Beginner's Guide
AlienVault
 
PPTX
Malware detection how to spot infections early with alien vault usm
AlienVault
 
PDF
Security operations center 5 security controls
AlienVault
 
PDF
PCI DSS Implementation: A Five Step Guide
AlienVault
 
PPTX
Improve threat detection with hids and alien vault usm
AlienVault
 
PDF
The State of Incident Response - INFOGRAPHIC
AlienVault
 
PPTX
Incident response live demo slides final
AlienVault
 
PPTX
Improve Situational Awareness for Federal Government with AlienVault USM
AlienVault
 
PPTX
Improve Security Visibility with AlienVault USM Correlation Directives
AlienVault
 
PPTX
How Malware Works
AlienVault
 
PPTX
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
AlienVault
 
PPTX
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
AlienVault
 
PPTX
AWS Security Best Practices for Effective Threat Detection & Response
AlienVault
 
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
AlienVault
 
Malware Invaders - Is Your OS at Risk?
AlienVault
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
AlienVault
 
Simplify PCI DSS Compliance with AlienVault USM
AlienVault
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
AlienVault
 
Insider Threat Detection Recommendations
AlienVault
 
Alienvault threat alerts in spiceworks
AlienVault
 
Open Source IDS Tools: A Beginner's Guide
AlienVault
 
Malware detection how to spot infections early with alien vault usm
AlienVault
 
Security operations center 5 security controls
AlienVault
 
PCI DSS Implementation: A Five Step Guide
AlienVault
 
Improve threat detection with hids and alien vault usm
AlienVault
 
The State of Incident Response - INFOGRAPHIC
AlienVault
 
Incident response live demo slides final
AlienVault
 
Improve Situational Awareness for Federal Government with AlienVault USM
AlienVault
 
Improve Security Visibility with AlienVault USM Correlation Directives
AlienVault
 
How Malware Works
AlienVault
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
AlienVault
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
AlienVault
 
AWS Security Best Practices for Effective Threat Detection & Response
AlienVault
 

Recently uploaded (20)

PDF
OpenACC and Open Hackathons Monthly Highlights July 2025
OpenACC
 
PDF
The-Future-of-Automotive-Quality-is-Here-AI-Driven-Engineering.pdf
Kalilur Rahman
 
PPT
Geologic Time for studying geology for geologist
ssuser738f5a
 
PDF
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
PDF
Credit Without Borders: AI and Financial Inclusion in Bangladesh
Ehsan Tanim
 
PDF
Transform-Your-Supply-Chain-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
PDF
Five Habits of High-Impact Board Members
OnBoard
 
PDF
Transform-Quality-Engineering-with-AI-A-60-Day-Blueprint-for-Digital-Success.pdf
Kalilur Rahman
 
PDF
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
PDF
5-Ways-AI-is-Revolutionizing-Telecom-Quality-Engineering.pdf
Kalilur Rahman
 
PDF
Transform-Your-Streaming-Platform-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
DOCX
Basics of Cloud Computing - Cloud Ecosystem
suthak11
 
PDF
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PPTX
Module 1 Introduction to Web Programming .pptx
kamleshkc191
 
PPTX
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
PDF
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 
PDF
Accessing-Finance-in-Jordan-MENA 2024 2025.pdf
Mustafa Kuğu
 
PDF
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
PPTX
Internet of Everything -Basic concepts details
sendilkumar66
 
OpenACC and Open Hackathons Monthly Highlights July 2025
OpenACC
 
The-Future-of-Automotive-Quality-is-Here-AI-Driven-Engineering.pdf
Kalilur Rahman
 
Geologic Time for studying geology for geologist
ssuser738f5a
 
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
Credit Without Borders: AI and Financial Inclusion in Bangladesh
Ehsan Tanim
 
Transform-Your-Supply-Chain-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
Five Habits of High-Impact Board Members
OnBoard
 
Transform-Quality-Engineering-with-AI-A-60-Day-Blueprint-for-Digital-Success.pdf
Kalilur Rahman
 
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
5-Ways-AI-is-Revolutionizing-Telecom-Quality-Engineering.pdf
Kalilur Rahman
 
Transform-Your-Streaming-Platform-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
Basics of Cloud Computing - Cloud Ecosystem
suthak11
 
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
Module 1 Introduction to Web Programming .pptx
kamleshkc191
 
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 
Accessing-Finance-in-Jordan-MENA 2024 2025.pdf
Mustafa Kuğu
 
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
Internet of Everything -Basic concepts details
sendilkumar66
 

Best Practices for Configuring Your OSSIM Installation

  • 2. Introductions Mark Allen Technical Sales Engineer Garrett Gross Sr. Technical PMM
  • 3. Resources for OSSIM Users AlienVault Forums: https://www.alienvault.com/forums/discussions/tagged/ossim LinkedIn Group: https://www.linkedin.com/groupInvitation?gid=3793 USM & OSSIM On-Demand Training Archives: https://www.alienvault.com/product-training AlienVault Blog – Analysis from the AlienVault Labs research team, practical tips to secure your environment & industry trends
  • 4. Agenda How to deploy & configure OSSEC agents Best practices for configuring syslog and enabling plugins Scanning your network for assets and vulnerabilities
  • 7. OSSIM comes with OSSEC host-based IDS, which provides: • Log monitoring and collection • Rootkit detection • File integrity checking • Windows registry integrity checking • Active response OSSEC uses authenticated server/agent architecture. Host IDS OSSIM Sensor OSSEC Server Servers OSSEC Agent OSSIM Server UDP 1514 Normalized events
  • 8. Deploying HIDS 1. Add an agent in OSSIM 2. Deploy HIDS agent to the target system. 3. Optionally change configuration file on the agent. 4. Verify HIDS operations.
  • 9. Add an agent. Save agent. Specify name and IP address. Add Agent in OSSIM Required task for all operating systems Can also be added through the manage_agents script Environment > Detection > HIDS > Agents
  • 10. Specify domain, username and password of the target system. Download preconfigured agent for Windows. Automatic deployment for Windows. Extract key. Deploy HIDS Agent to Target System Automated deployment for Windows machines Manual installation for other OS Key extraction is required for manual installation
  • 11. Configuration file. Log file. Change Configuration File on Agent OSSEC configuration is controlled by a text file. Agent needs to be restarted after configuration changes. Log file is available for troubleshooting.
  • 12. Agent status should be active. Verify HIDS Operations Displays overview of OSSEC events and agent information Environment > Detection > HIDS > Overview
  • 13. OSSEC events. Verify HIDS Operations (Cont.) Verify if OSSEC events are displayed in the SIEM console. Utilize search filter to display only events from OSSEC data source. Analysis > Security Events (SIEM) > SIEM
  • 14. Verify HIDS Operations (Cont.) Environment > Detection > HIDS > Agents > Agent Control Verify registry integrity. Verify presence of rootkits. Verify file integrity.
  • 16. Syslog Forwarding Syslog configuration will vary based on source device/application but, usually, the necessary parameters are: • Destination IP • Source IP • Port (default is UDP 514)
  • 17. Enabling Plugins Enable plugin at the asset level General > Plugins > Edit Plugins Green light under “Receiving Data” will confirm successful log collection
  • 19. Vulnerability Assessment Uses a built-in OpenVAS scanner Detects vulnerabilities in assets • Vulnerabilities are correlated with events‘ cross-correlation rules • Useful for compliance reports and auditing Managed from the central SIEM console: • Running and scheduling vulnerability scans • Examining reports • Updating vulnerability signatures
  • 20. Advanced Options Vulnerability assessment can be: • Authenticated (SSH and SMB) • Unauthenticated Predefined profiles can be selected: • Non destructive full and slow scan • Non destructive full and fast scan • Full and fast scan including destructive tests Custom profiles can be created.
  • 21. Vulnerability Assessment Config 1. (Optionally) tune global vulnerability assessment settings. 2. (Optionally) create a set of credentials. 3. (Optionally) create a scanning profile. 4. Create a vulnerability scan job. 5. Examine scanning results. 6. Optionally create a vulnerability or compliance report.
  • 22. Update configuration. Select vulnerability ticket threshold. Tune Global Vulnerability Assessment Settings The vulnerability assessment system opens a ticket for found vulnerabilities. Start with a high threshold and fix important vulnerabilities first. Configuration > Administration > Main
  • 23. Specify login username. Specify credential set name. Select authentication type. Click settings. Create Set of Credentials Used to log into a machine for authenticated scan Supports the DOMAIN/USER username Environment > Vulnerabilities > Overview
  • 24. Examine 3 default profiles. Enable/disable plugin family. Create a new profle. Edit profiles. Create Scanning Profile Enable profiles that apply to assets you are scanning. Environment > Vulnerabilities > Overview
  • 25. Create a new scan job. Import Nessus scan report. Select schedule method. Specify scan job name. Select profile. Select server. Select assets. Select credential set for authenticated scan. Save job. Create Vulnerability Scan Job Environment > Vulnerabilities > Scan Jobs
  • 26. Examine vulnerability statistics. View vulnerability report for all assets. Examine reports for all scan jobs. Examine Vulnerabilities Results Environment > Vulnerabilities > Overview
  • 28. How is USM different? Correlation Directives: Over 2,000 built-in correlation directives developed by the AlienVault Labs Threat Research Team, and updated weekly Reporting: 150+ Customizable Reports, including compliance-specific reports Log Management: Robust Log Management, Log Search & Long-Term Log Retention Professional Support via phone & email as well as customer support portal And more…view comparison chart here: https://www.alienvault.com/products/compare-ossim-to-alienvault-usm “I started out with OSSIM and I didn’t fully realize how much value I would get out of USM until I started using it. The reporting is awesome, it’s been a big benefit for me. And, having a fully supported solution means I can get answers to my questions much more quickly than before.” – Matthew Frederickson, Director of Information Technology, Council Rock School District
  • 29. USM + Free Installation Services http://www.alienvault.com/marketing/smb-bundles
  • 30. 888.613.6023 ALIENVAULT.COM CONTACT US [email protected] Now for some Q&A Resources for OSSIM Users OSSIM vs. USM Comparison Chart https://www.alienvault.com/products/compare-ossim-to-alienvault-usm AlienVault Forum https://www.alienvault.com/forums/discussions/tagged/ossim LinkedIn Group https://www.linkedin.com/groupInvitation?gid=3793 Subscribe to the AlienVault Blog https://www.alienvault.com/blogs Hands-on 5-day Training Classes, in-person or “Live on-line” https://www.alienvault.com/support/classroom-training