Jump to content

OSSIM

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Nono64 (talk | contribs) at 09:15, 27 November 2009 (Operating system : "OS" disambiguation). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

For the GIS project, see Open Source Geospatial Foundation.
OSSIM
Developer(s)OSSIM development team
Stable release
0.9.9 / Feb 20, 2008
Operating systemUnix
TypeSecurity / IDS
LicenseGpl
Websitewww.ossim.net

OSSIM, or the Open Source Security Information Management, is a collection of tools designed to aid network administrators in computer security, intrusion detection and prevention.

The project's goal is to provide a comprehensive collection of tools to grant an administrator a view of all the security-related aspects of their system. OSSIM also provides a strong correlation engine, with detailed low-, mid- and high-level visualization interfaces as well as reporting and incident managing tools. The ability to act as an intrusion-prevention system based on correlated information from virtually any source results in a useful security tool. All this information can be filtered by network or sensor in order to provide just the information needed by specific users, allowing for a fine grained multi-user security environment.

Components

File:Ossim-metrics.png
OSSIM Web Framework

Ossim features the following software components:

  • Arpwatch, used for MAC address anomaly detection.
  • P0f, used for passive OS detection and OS change analysis.
  • Pads, used for service anomaly detection.
  • Nessus, used for vulnerability assessment and for cross correlation (Intrusion detection system (IDS) vs Vulnerability Scanner).
  • Snort, used as a Intrusion detection system (IDS), and also used for cross correlation with Nessus.
  • Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signature.
  • Tcptrack, used for session data information which can grant useful information for attack correlation.
  • Ntop, which builds an impressive network information database for aberrant behaviour anomaly detection.
  • Nagios, used to monitor host and service availability information based on a host asset database.
  • Osiris, a Host-based intrusion detection system (HIDS).
  • Snare, a log collector for windows systems.
  • OSSEC, a host based IDS.
  • OSSIM also includes self developed tools, the most important being a generic correlation engine with logical directive support and logs integration with plugins.
Stub icon

This software article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/enwiki/w/index.php?title=OSSIM&oldid=328181990"