OSSIM (Open Source Security Information Management) unifies network monitoring, network/host security, correlation and qualification information in a single tool. It is designed and built to work with a number of Open Source and commercial tools. Its main goal is to get the most information from every single tool in a cohesive, easy to understand way.
OSSIM uses the following methods to help deliver concise information:
- Event correlation
- Event qualification
- Network anomaly detection
- Qualified intrusion detection
- Network availability information
OSSIM integrates, qualifies and correlates both high level and low level security and network events. Sensors are integrated to provide three levels of network/host visibility, namely:
- Low level log/alert/anomaly information
- Mid level network risk level information
- High level decision support information
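A simplified sketch of this low/mid/high pipeline, added here as an illustration and not OSSIM's own code or risk formula: raw sensor events are qualified by tool confidence and asset value, correlated per host into a risk score, and reduced to a decision-support list. The event shape, asset values, tool weights, corroboration bonus and threshold are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    """Low level: one alert/anomaly as a sensor would report it (hypothetical normalized shape)."""
    tool: str         # sensor that produced it (Snort, Spade, Nmap, ...)
    host: str         # monitored host the event refers to
    reliability: int  # 0-10, how trustworthy this event type is (assumed scale)


# Hypothetical asset values: how much each host matters (assumed scale 1-5).
ASSET_VALUE = {"10.0.0.5": 5, "10.0.0.9": 2}

# Hypothetical per-tool confidence multipliers used during qualification.
TOOL_WEIGHT = {"Snort": 1.0, "Spade": 0.6, "Nmap": 0.4}


def qualify(event: Event) -> float:
    """Qualification: weight a raw event by tool confidence and asset value."""
    asset = ASSET_VALUE.get(event.host, 1)
    return event.reliability * TOOL_WEIGHT.get(event.tool, 0.5) * asset / 10.0


def correlate(events: list) -> dict:
    """Mid level: sum qualified events per host into a network risk score."""
    risk = defaultdict(float)
    seen_tools = defaultdict(set)
    for e in events:
        risk[e.host] += qualify(e)
        seen_tools[e.host].add(e.tool)
    # Corroboration bonus (assumed): independent sensors agreeing on the same
    # host raises confidence, so scale the score by the number of extra tools.
    for host, tools in seen_tools.items():
        if len(tools) > 1:
            risk[host] *= 1.0 + 0.25 * (len(tools) - 1)
    return dict(risk)


def decide(risk: dict, threshold: float = 3.0) -> list:
    """High level: hosts whose risk crosses the threshold, highest first."""
    return sorted((h for h, r in risk.items() if r >= threshold), key=lambda h: -risk[h])


# Constructed sample events (not real tool output).
SAMPLE_EVENTS = [
    Event("Snort", "10.0.0.5", 8),  # signature match on a high-value host
    Event("Spade", "10.0.0.5", 6),  # anomaly on the same host
    Event("Nmap", "10.0.0.9", 9),   # new service discovered on a low-value host
    Event("Snort", "10.0.0.9", 3),  # low-reliability signature on that host
]

if __name__ == "__main__":
    scores = correlate(SAMPLE_EVENTS)
    print(scores, decide(scores))
```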
Tools OSSIM Uses
OSSIM uses network security information from a variety of Open Source tools, including:
- Spade: network anomaly detection
- Snort: pattern matching intrusion detection system
- ACID: log viewer (Event Database)
- Ntop: network use monitor
- OpenNMS: Service availability monitoring
- MRTG: graphing
- MySQL and PostgreSQL: data storage
- RRDtool: a system to store and display time-series data
- Nessus: vulnerability assessment
- Nmap: Network discovery
- PADS: Passive network discovery
- Tcptrack: Passive network connection monitor
OSSIM also works with a number of commercial tools:
- Checkpoint: Firewall logs
- Cisco PIX
- Cisco Routers
- Cisco IDS
- UNIX: System logs
- Microsoft IIS
- Apache
- Iptables
- RealSecure
The most complete and up-to-date information about OSSIM can be found at OSSIM’s website: http://www.ossim.net/.