AlienVault OSSIM

AlienVault OSSIM is mostly useful for us to determine which machines are behind on patches and updates. And it is a necessary tool for threat hunting as it collects events from all machines.

As an organization, we leveraged alien vault as a SIEM solution for ourselves and also as a managed services offering for our customers. The scope was to support environments from a security perspective collecting logs and generating reports and analytics for the purposes of IT security. This included custom reporting, leveraging on-premises appliances and delivery is security as a service.

AlienVault [OSSIM] is being used across the entire organization. It has an intelligent analytic engine to determine potential threats in our network. The dashboard provides a clear presentation of alerts and allows you to drill down into an alert to determine detailed information for research. It is also customizable to create rules and send email notifications.

Alien Vault is a great product, which I have used over at my previous job and had purchased and installed at my current position too. Alien Vault is being primarily used by the IT team, but since it protects our entire network benefits the business in its entirety. Once the team has overcome the initial flood of notifications and had fine-tuned the alerts, the product is great and you know that each alert requires investigation, which in the long run will help us mitigate issues with cybersecurity.

We're currently on a migration path to eliminate AlienVault OSSIM but it was our only SIEM when I first arrived on location. We use it to collect and analyze security data from a variety of sources. Kind of like a receiver is used to merge audio sources from a bunch of disparate systems.

AlienVault OSSIM is being used across the entire organization. We use the tools to assist in computer security, intrusion detection, and prevention. It provides effective threat detection, incident response, and compliance management, all done within a single appliance. The analysis is run in the background so we don't have to look at all the threats individually and research them from scratch.

Anyone who works in a K12 public school district knows you have just as many threats inside your network as outside. Think about it, what else do 7 through 12 graders have but time and curiosity? I've set this up on my perimeters at each of my high schools and middle schools, and again at the district level. My goal is to watch the traffic and devices inside each building and also across the buildings. We use it daily to monitor for unusual activity, devices, or strange "stuff" on our network.

It is currently being used by only the IT department. It is a fantastic tool to help with intrusion detection, asset discovery, SIEM correlation, behavior analytics, and a few other features. On the SIEM side, it does standard correlation, normalization, and collection. Being open source we use it only as part of a lab and not as our enterprise tool but it's been great working with it so far.

AlienVault OSSIM address's several business problems including but not limited to.

• SIEM
• Reporting
• Asset management

OSSIM allows all this to be done form a single management platform saving time and money in having to use multiple platforms to complete daily tasks. With the OSSIM you will need a separate syslog server to allow the collection on logs

AlienVault OSSIM is our lightweight, open-souce option for SIEM and vulnerability assessment in our company and recommended for deployment in our clients. OSSIM, besides being open-sourced (hence, free of charge, although also free of support), is very flexible being mounted over a special Linux distro (Debian-based) and easily installable either on physical or virtual servers. Despite being a lighter version of the full-fledged AlienVault All-In-One solution, it's very much capable of handling daily maintenance and inspection IT tasks such as IDS (Intrusion Detection System), both network-based and hardware-based, SIEM correlation, Asset Discovery, and also includes the very useful AlienVault OTX (Open Threat Exchange) platform, allowing you and your organization to keep up to date in terms of threats and malicious devices worldwide that can affect your operations via open collaborative information.

AlienVault OSSIM is used in the organization as a log centralization tool and also as an event manager. We also use the feature of asset and availability management. The Netflow feature is also really helpful at diagnosing spikes of activity in the network, we also rely on it to detect suspicious activity.