OSSIM: Difference between revisions
m →Components: dab |
m →Components: dab |
||
| Line 22: | Line 22: | ||
Ossim features the following software components: |
Ossim features the following software components: |
||
* [[Arpwatch]], used for mac anomaly detection. |
* [[Arpwatch]], used for [[MAC address|mac]] anomaly detection. |
||
* P0f, used for passive OS detection and os change analysis. |
* P0f, used for passive OS detection and os change analysis. |
||
* Pads, used for service anomaly detection. |
* Pads, used for service anomaly detection. |
||
Revision as of 01:37, 23 May 2007
- For the GIS project also named OSSIM, see Open Source Geospatial Foundation.
| File:OSSIM logo.png | |
| Developer(s) | OSSIM development team |
|---|---|
| Stable release | |
| Operating system | Unix |
| Type | Security / IDS |
| License | BSD |
| Website | www.ossim.net |
OSSIM, or the Open Source Security Information Management is a BSD licensed collection of tools designed to aid network administrators in computer security and intrusion detection and prevention.
The project's goal is to provide a comprehensive compilation of tools which, when working together, grant an administrator a view of all the security-related aspects of their system. OSSIM also provides a strong correlation engine, with detailed low-, mid- and high-level visualization interfaces as well as reporting and incident managing tools, working on a set of defined assets such as hosts, networks, groups and services. All this information can be filtered by network or sensor in order to provide just the needed information to specific users allowing for a fine grained multi-user security environment. Also, the ability to act as an intrusion-prevention system based on correlated information from virtually any source result in a useful addition to any security professional.
Components
Ossim features the following software components:
- Arpwatch, used for mac anomaly detection.
- P0f, used for passive OS detection and os change analysis.
- Pads, used for service anomaly detection.
- Nessus, used for vulnerability assessment and for cross correlation (Intrusion detection system (IDS) vs Vulnerability Scanner).
- Snort, the Intrusion detection system (IDS), also used for cross correlation with Nessus.
- Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signature.
- Tcptrack, used for session data information which can grant useful information for attack correlation.
- Ntop, which builds an impressive network information database from which we can get aberrant behaviour anomaly detection.
- Nagios, Being fed from the host asset database it monitors host and service availability information.
- Osiris, a great HIDS.
OSSIM also includes self developed tools, the most important being a generic correlation engine with logical directive support.
External links
 | This software article is a stub. You can help Wikipedia by expanding it. |