AlienVault OSSIM Implementation, Monitoring & Incident Response and Handling
null Mumbai Bachaav, 16 April 2016
All that you need to know about AlienVault OSSIM
OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.
The topics we would like to cover are:
- SOC / Monitoring
- SIEM Architecture
- OSSIM Installation
- Device Log Forwarding towards OSSIM
- Parsing Logs
- Mapping With MySQL in OSSIM Server
- OSSIM Console / Dashboard General Description
- Writing Correlation Rules / Directives
- Triggering Alarms
- OSSEC Configuration (Optional)
Prerequisites for participants:
- Knowledge of basic regular expressions, Linux commands and SQL.
- Laptops with a recommended configuration of 4 GB RAM and WiFi connectivity.
- VMware installed on each laptop.
Starts on Saturday, April 16, 2016, at 12:00 PM. The session runs for about 3 hours.