AlienVault is an open source security information and event management (SIEM) tool for real-time threat detection. The AlienVault tool is used in many organizations to monitor websites, databases, data centers, servers, desktops, applications, and other information devices for suspicious activity in real time. There are many other basic-level threat monitoring tools available, also suggested by researchers at the International Institute of Cyber Security.
- SIEM is a combination of two different technologies:
- SIM (Security Information Management): log collection and report generation.
- SEM (Security Event Manager): analysis of events in real time and correlation of events.
- This application offers three core features: Event Collection, Event Normalization and Event Correlation.
- Event Collection: collects the logs of information devices in our environment, such as servers, firewalls and routers.
- Event Normalization: extracts the data from all collected log files and stores it in folders that hold the extracted fields, such as IP address, hostname, usernames and ports.
- Event Correlation: correlates the normalized events collected from the environment with one another, so that related events on different devices are tied together.
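As an added illustration of the three stages listed above (example code written for this page, not code from OSSIM or from the article's author), the following Python walks a few constructed syslog lines from an SSH server and a firewall through normalization into one common schema and then through a simple correlation directive: three or more authentication failures from one source address within five minutes raise an alarm. The line formats, field names, threshold and window are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample syslog lines (not real captures): three failed SSH logins
# plus a firewall drop from one source address, then an ordinary successful login.
RAW_EVENTS = [
    "Jan 10 10:00:01 srv01 sshd[2201]: Failed password for admin from 198.51.100.7 port 50122 ssh2",
    "Jan 10 10:00:09 srv01 sshd[2201]: Failed password for admin from 198.51.100.7 port 50130 ssh2",
    "Jan 10 10:00:15 fw01 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP DPT=22",
    "Jan 10 10:00:21 srv01 sshd[2201]: Failed password for admin from 198.51.100.7 port 50141 ssh2",
    "Jan 10 10:45:00 srv01 sshd[2310]: Accepted password for alice from 10.0.0.9 port 41022 ssh2",
]
HEAD = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "  # shared syslog header
SSHD_RE = re.compile(HEAD + r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
                     r"(?P<user>\S+) from (?P<src>[\d.]+) port (?P<port>\d+)")
FW_RE = re.compile(HEAD + r"kernel: (?P<action>DROP|ACCEPT) .*?SRC=(?P<src>[\d.]+) .*?DPT=(?P<port>\d+)")

def normalize(line, year=2024):
    """Normalization: map a device-specific line onto one common schema, or None."""
    for rx in (SSHD_RE, FW_RE):
        m = rx.match(line)
        if not m:
            continue
        d = m.groupdict()
        if "outcome" in d:  # sshd line
            event = "auth_failure" if d["outcome"] == "Failed" else "auth_success"
        else:               # firewall line
            event = "fw_" + d["action"].lower()
        return {"ts": datetime.strptime(f"{year} {d['ts']}", "%Y %b %d %H:%M:%S"),
                "host": d["host"], "src_ip": d["src"], "user": d.get("user"),
                "port": int(d["port"]), "event": event}
    return None  # unknown format: leave unparsed rather than guess at fields

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation: one alarm per source IP with >= threshold auth failures inside window."""
    recent, alarms = defaultdict(list), {}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["event"] != "auth_failure":
            continue
        times = recent[e["src_ip"]]
        times.append(e["ts"])
        while e["ts"] - times[0] > window:  # slide the window forward, drop old failures
            times.pop(0)
        if len(times) >= threshold and e["src_ip"] not in alarms:
            alarms[e["src_ip"]] = {"count": len(times), "first": times[0], "last": e["ts"]}
    return alarms

def run(raw_lines=RAW_EVENTS):
    """Collection -> normalization -> correlation; returns (normalized events, alarms)."""
    normalized = [n for n in (normalize(l) for l in raw_lines) if n]
    return normalized, correlate(normalized)
```

Because the alarm keys on the normalized `src_ip` field rather than on which device reported the line, failures seen on several servers from the same address count toward one alarm, which is the point of normalizing before correlating.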
Installation
- Download the OSSIM ISO from here.
- Here, choose OSSIM (Open Source Security Information Management) and press ENTER.
- Choose the preferred language and click on Continue.
- Choose the country and click on Continue.
- Choose the keymap to use and click on Continue.
- Assign an IP address to this machine.
- Set a password for root. After that, the installation starts.
- If the installation succeeded, we will see this screen on our machine.
- Here, log in as root with the password. Then open https://<IP address>/ in the browser for the web interface.
- Now, enter a few details to create an account to access the AlienVault products.
- Next, type the username and password to log in; then we will be able to view this.
- Follow the steps to Monitor Network, Discover Assets, and Collect Logs & Monitor Assets. Click on the Start option to start AlienVault OSSIM.
- Follow the steps shown on screen and click on Sign Up Now to create an account for OTX (Open Threat Exchange), then log in to view all the activity in our LAN (Local Area Network).
- Here, we can view all the activity.
Conclusion
This tool can be used in your organization to monitor all websites, databases, data centers, servers, desktops, applications, and other information devices for threat detection and incident response in real time.
Cyber Security Specialist with 18+ years of industry experience. Worked on projects with AT&T, Citrix, Google, Conexant, IPolicy Networks (Tech Mahindra) and HFCL. Constantly keeping the world updated on happenings in the cyber security area.