Installing and Configuring OSSIM 5.0

Coming from a Linux background, and being in InfoSec, I always try to stay on top of the Open Source Community’s offerings to our space. I have installed/managed AlienVault in the past, but I haven’t used it in a few years and wanted to see just what I could come up with on my home network. If you wanna follow along, by all means:

  1. Download the latest version of OSSIM here: http://downloads.alienvault.com/c/download?version=current_ossim_iso
    1. For the paranoid, get the MD5 sum here and make sure it matches!: https://www.alienvault.com/open-threat-exchange/projects
    2. In my scenario, the MD5 Checksum is 80d915f3dfb5aedab31b5981efff582f. If you are using Linux, it’s easy to determine the MD5 checksum of the file. Just open a terminal and use the md5sum command. If you are on Windows and have PowerShell 4, execute Get-FileHash <file> -Algorithm MD5. On < 4, run an obnoxious script.
  2. Fire up your VM software of choice (VMware Workstation, VirtualBox, Hyper-V) and build yourself a VM with the aforementioned .iso. Truth be told, an appliance like this is best installed on physical hardware, but if you just wanna check it out, using a VM is fine.
  3. Install OSSIM
    1. 2015-05-02 19_52_57-OSSIM - VMware Workstation
  4. Give yourself an IP (preferably outside of the DHCP range of your router).
    1. 2015-05-02 19_56_18-OSSIM - VMware Workstation
  5. Create a nice password.
    1. 2015-05-02 19_57_19-OSSIM - VMware Workstation
  6. Let ‘er eat.
    1. 2015-05-02 19_59_45-OSSIM - VMware Workstation
  7. And we’re done! Navigate to the web console, just like it tells ya’ to!
    1. 2015-05-02 20_07_49-OSSIM - VMware Workstation
  8. Fill out some basic info to get started.
    1. 2015-05-02 20_09_29-AlienVault OSSIM [alienvault - 192.168.1.100]
  9. That’s it for now. You’ll get prompted for a wizard which you should follow if you’re new to all this. I’ll keep you updated as I work through it and apply more of the features to my home network.
    1. 2015-05-02 20_12_24-AlienVault OSSIM
  10. This is super cool. Automatically deploy HIDS to your hosts!
    1. 2015-05-02 20_18_18-AlienVault OSSIM
  11. And automatically load log management plugins based on OS and vendor of network components.
    1. 2015-05-02 20_22_11-AlienVault OSSIM

2 thoughts on “Installing and Configuring OSSIM 5.0”

Leave a Reply

Your email address will not be published. Required fields are marked *