Abstract

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

The topics we would like to cover are:

  1. SOC / Monitoring
  2. SIEM Architecture
  3. OSSIM Installation
  4. Device Log Forwarding towards OSSIM
  5. Parsing Logs
  6. Mapping With MYSQL in OSSIM Server
  7. OSSIM Console / Dashboard General Description
  8. Writing Correlation Rules / Directives
  9. Triggering Alarms
  10. OSSEC Configuration (Optional)

Pre-requisites

  1. Knowledge of basic regular expressions, Linux commands and SQL.
  2. Laptops with a recommended configuration of 4 GB RAM and WiFi connectivity.
  3. VMware installed on each laptop.

Speaker

Abhijit Maity

Still learning...

Timing

Starts on Saturday, April 16, 2016, at 12:00 PM. The session runs for about 3 hours.
