OSSIM
For the GIS project also named OSSIM, see Open Source Geospatial Foundation.
OSSIM, or Open Source Security Information Management, is a BSD-licensed collection of tools designed to aid network administrators in computer security, intrusion detection and prevention.
The project's goal is to provide a comprehensive collection of tools that gives an administrator a view of all the security-related aspects of their system. OSSIM also provides a strong correlation engine, with detailed low-, mid- and high-level visualization interfaces as well as reporting and incident management tools. The ability to act as an intrusion-prevention system based on correlated information from virtually any source results in a useful security tool. All this information can be filtered by network or sensor in order to provide just the information needed by specific users, allowing for a fine-grained multi-user security environment.
Components
OSSIM features the following software components:
★ Arpwatch, used for MAC address anomaly detection.
★ P0f, used for passive OS detection and OS change analysis.
★ Pads, used for service anomaly detection.
★ Nessus, used for vulnerability assessment and for cross correlation (intrusion detection system (IDS) vs. vulnerability scanner).
★ Snort, used as an intrusion detection system (IDS), and also used for cross correlation with Nessus.
★ Spade, the "statistical packet anomaly detection engine", used to gain knowledge about attacks without signatures.
★ Tcptrack, used for session data information which can grant useful information for attack correlation.
★ Ntop, which builds an impressive network information database for aberrant behaviour anomaly detection.
★ Nagios, used to monitor host and service availability information based on a host asset database.
★ Osiris, a host-based intrusion detection system (HIDS).
OSSIM also includes self-developed tools, the most important being a generic correlation engine with logical directive support.
External links
★ Official website
★ Project web at Sourceforge
★ OSSIM Vmware Image
This article provided by Wikipedia. To edit the contents of this article, click here for original source.



