February 15, 2008 | Dominique Karg

Installer / updater coming :-)

We’re proud to announce the soon-to-be-available 1.0.4 installer (versioning-wise it could be 1.1 or even higher because of all the changes, but, well, we called it 1.0.4), both as a standalone ISO image and as the updater. We’ve been working very hard on this over the past months; the updater has been a nightmare. It’s…

January 17, 2008 | Dominique Karg

OSSIM applied to ITIL

Recently I stumbled across an interesting article about Microsoft, open source and ITIL in which OSSIM was mentioned (the article can also be found by googling for “ossim itil microsoft” in case the link breaks). I’ve never been very keen on learning ITIL either (although I’ve heard about it everywhere during the last year), but…


January 1, 2008 | Dominique Karg

Greetings from Istanbul

After having spent five days in this nice city I wanted to say goodbye with a post. It’s the second time I’ve been here (sadly both times I had to work, but I’ll come back for fun someday, that’s for sure) and I really enjoyed the stay. This time I had a nicer hotel than last…

December 19, 2007 | Dominique Karg

Tutorial 5: Windows event logging

The Windows event log. As an introduction to Windows event logging I recommend reading the following article: Monitoring and Troubleshooting Using Event Logs. It’s the first interesting one I found after googling for an introduction. Quoting the article, which also talks about EventCombMT.exe (which we’ll mention later): This article reviews best practices for…

December 18, 2007 | Dominique Karg

Tutorial 4: Correlation engine primer

Introduction. In order to answer a recent forum post https://sourceforge.net/forum/message.php?msg_id=4666889 [no longer available] I had to do some quick research, since it had been some time since I last tested this. The exact question was: Hello, is there a document talking about how the directives are processed? One question that I have…

December 7, 2007 | Dominique Karg

Tutorial 3: First recommended steps after installation

This tutorial tries to show the first common steps you could perform if you’re new to OSSIM and have just finished installation, without knowing what to do next. The tutorial will cover: policies, initial inventory scans, scheduled scans, and what to do next. Many of the topics we cover in this tutorial can be extended by checking the documentation wiki http:/…

December 6, 2007 | Dominique Karg

Tutorial 2: Syslog data mining with attached md5sum. AKA "Store 100% of data".

1. The need. The hype. There’s obviously a need for storing vast amounts of logs, and few things today aren’t able to log to syslog. So it’s only natural to stumble upon that request every once in a while, and this tutorial illustrates the OSSIM approach to massive syslog data storage. Of course, where you…

December 5, 2007 | Dominique Karg

A review of a commercial SIM

Some time ago, earlier this year, I had the opportunity to attend a conference where one of the leading SIM vendors (according to Gartner’s Magic Quadrant at least) talked about their product. Although my opinion will always be biased and I tend to compare everything I see in this area with OSSIM, I also believe that I…

December 1, 2007 | Dominique Karg

OSSIM Mobile now available ;-)

Well, kind of at least… Since Apple’s iPhone is basically a stripped-down Mac OS X and it has some nice toys to play with, I thought I’d give the provided Python port a try and fire up the OSSIM agent. As expected, everything worked like a charm and getting OSSIM up and running was very easy. Here…

November 30, 2007 | Dominique Karg

MySQL performance tuning applied to OSSIM. Case 1.

I’d like to share my first actual success at MySQL tuning, after having spent a couple of days reading everything I could about the matter (and still waiting for the books to arrive). From what I’ve seen, a very important point in DB optimization is the right table design, followed by the right queries and finally…

November 28, 2007 | Dominique Karg

MySQL Performance Tuning

I’ve finally decided to learn everything I can about MySQL performance tuning; we’re working on highly tuned appliances and this is a must for high-traffic environments. I’d like to share my first findings on interesting stuff and encourage comments on the matter, which seems as deep as any science. These last days we’ve been discussing this…

November 26, 2007 | Dominique Karg

Plugin Tree && Graph installer update

I thought I’d post a plugin tree I just hacked together. It uses a JavaScript library and could be useful to someone. I’m not posting the complete tree here since the page is about 1 MB in size. As a little extra, below is some sample output from the graph package installer. Pablo’s almost done…
