Coming from a Linux background, and being in InfoSec, I always try to stay on top of the Open Source Community’s offerings to our space. I have installed/managed AlienVault in the past, but I haven’t used it in a few years and wanted to see just what I could come up with on my home network. If you wanna follow along, by all means:
- Download the latest version of OSSIM here: http://downloads.alienvault.com/c/download?version=current_ossim_iso
- For the paranoid, get the MD5 sum here and make sure it matches: https://www.alienvault.com/open-threat-exchange/projects (a matching sum tells you the download wasn't corrupted or truncated in transit; since MD5 is collision-prone and the sum is published by the same site that serves the ISO, it is an integrity check, not proof that the image is the one the vendor intended to ship)
- In my scenario, the MD5 Checksum is 80d915f3dfb5aedab31b5981efff582f. If you are using Linux, it's easy to determine the MD5 checksum of the file: just open a terminal and run md5sum against the .iso. If you are on Windows with PowerShell 4 or later, execute Get-FileHash <file> -Algorithm MD5 (the cmdlet was introduced in 4.0). On older versions there is no built-in cmdlet, so you either run an obnoxious script that wraps the .NET MD5 class or fall back to certutil -hashfile <file> MD5 from a command prompt.
- Fire up your VM software of choice (VMware Workstation, VirtualBox, Hyper-V) and build yourself a VM with the aforementioned .iso. Truth be told, an appliance like this is best installed on physical hardware, but if you just wanna check it out, using a VM is fine.
- Install OSSIM
- Give the appliance a static IP (preferably outside your router's DHCP range, so the same address can't be handed to another device later).
- Set a strong password.
- Let ‘er eat.
- And we're done! Navigate to the web console, just like it tells ya to!
- Fill out some basic info to get started.
- That’s it for now. You’ll get prompted for a wizard which you should follow if you’re new to all this. I’ll keep you updated as I work through it and apply more of the features to my home network.
- This is super cool. Automatically deploy the HIDS agent (OSSEC) to your hosts!
- And automatically load log management plugins based on the OS and vendor of your network components.
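Since the "compare the MD5 sum" step above is where people tend to eyeball two hex strings and call it good, here is a small POSIX shell function that does the comparison for you. It is an added example, not something from the original post or from AlienVault; it assumes `md5sum` and `sha256sum` from coreutils are on the PATH and goes one step beyond the post by accepting SHA-256 as well, so the same function works for vendors that publish stronger sums. The `verify_sum` name, the `hello` test file and the exit codes are my own choices.

```bash
#!/bin/sh
# verify_sum: check a downloaded file against a published checksum.
# Usage: verify_sum md5|sha256 <file> <expected-hex-digest>
# Returns 0 on match, 1 on mismatch, 2 if the file or algorithm is unusable.
verify_sum() {
    algo="$1"
    file="$2"
    expected="$3"

    # Pick the coreutils tool for the requested algorithm.
    case "$algo" in
        md5)    tool=md5sum ;;
        sha256) tool=sha256sum ;;
        *)      echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Vendor pages sometimes print digests in upper case; normalise before comparing.
    expected=$(printf '%s' "$expected" | tr 'A-Z' 'a-z')

    # md5sum/sha256sum print "<digest>  <filename>"; keep only the digest.
    actual=$("$tool" "$file" | cut -d ' ' -f 1)

    if [ "$actual" = "$expected" ]; then
        echo "OK       $file $algo=$actual"
        return 0
    fi
    echo "MISMATCH $file $algo expected=$expected actual=$actual" >&2
    return 1
}

# Example run against a constructed file (not the OSSIM ISO):
# printf 'hello\n' > /tmp/sample.bin
# verify_sum md5 /tmp/sample.bin b1946ac92492d2347c6235b4d2611184
```

Run it as `verify_sum md5 AlienVault_OSSIM_64bits.iso 80d915f3dfb5aedab31b5981efff582f` (substitute whatever the ISO was saved as) and check the exit status rather than just the printed line if you are scripting the download; a non-zero return is your cue to delete the image and fetch it again.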