Browsed by
Tag: SIEM

An alternative to Snare Agent – NXLOG


Many companies running a SIEM use the Snare agent, especially Snare for Windows. The need to collect Windows Event Log data (as well as other Windows log files) and transfer it in syslog format is nothing new to the industry. It is even surprising that it has not yet been addressed by Microsoft. Without doubt we can say that Snare is a leading vendor in this field. The Enterprise version of the Snare agent provides a lot of useful features, for example Agent…


OSSIM & Azure – initial configuration


In the previous part of this tutorial we deployed an OSSIM instance. Now it’s time for initial configuration. As a good start, let’s configure the IP address. The VM should have a static private address. It can be configured via the Azure Portal. Go to Virtual machines (classic) and select the OSSIM VM. Then show all settings and select IP address on the “General” tab. Use your ssh client to connect to the VM:
ssh -l adminuser your_dnsname.cloudapp.net
Change to root user:
sudo su -
From the menu select 3 – Jailbreak…


Deploying OSSIM to MS Azure Cloud


In the previous part of this tutorial I created a VHD with AlienVault OSSIM. The next step is deployment to the Cloud. I am going to use the Azure Classic model because it allows you to create your own VM images quite easily. The first step is to create a storage account. Go to manage.windowsazure.com and click the “+ New” button at the bottom of the page. I am going to upload the file via Azure CLI and Azure PowerShell, however…


Creating OSSIM image for MS Azure


Running SIEM in a Cloud

AlienVault OSSIM is open source SIEM software. It is a great security addition to any low-budget environment. I am going to run OSSIM inside my virtual lab. Unfortunately, it is not available on Azure Marketplace (and AWS offers only the paid version of AlienVault SIEM: USM). However, it is possible to create your own VM image and upload it to the Cloud.

Creating OSSIM image for MS Azure

Download OSSIM iso and VirtualBox. Install VirtualBox. Start…
