December 18, 2007 | Dominique Karg

Tutorial 4: Correlation engine primer

Introduction: In order to answer a recent forum post [no longer available] I had to do some quick research, since it had been some time since I last tested this. The exact question was: Hello, is there a document talking about how the directives are processed? One question that I have…

December 7, 2007 | Dominique Karg

Tutorial 3: First recommended steps after installation

This tutorial tries to show the first common steps you could perform if you’re new to OSSIM and have just finished installation, without knowing what to do next. The tutorial will cover: Policies; Initial Inventory Scans; Scheduled scans; What to do next. Many topics we’ll cover in this tutorial can be extended by checking the documentation wiki http:/…


December 6, 2007 | Dominique Karg

Tutorial 2: Syslog data mining with attached md5sum. AKA "Store 100% of data".

1. The need. The Hype. There’s obviously a need for storing vast amounts of logs, and few things today aren’t able to log into syslog. So it’s just obvious to stumble upon that request every once in a while, and this tutorial illustrates the OSSIM approach to massive syslog data storage. Of course, where you…

December 5, 2007 | Dominique Karg

A review of a commercial SIM

Some time ago, earlier this year, I had the opportunity to attend a conference where one of the leading SIM vendors (according to Gartner’s Magic Quadrant at least) talked about their product. Although my opinion will always be biased and I tend to compare all that I see in this area with OSSIM, I also believe that I’…

December 1, 2007 | Dominique Karg

OSSIM Mobile now available ;-)

Well, kind of at least… Since Apple’s iPhone is basically a stripped-down Mac OS X and it has some nice toys to play with, I thought I’d give the provided Python port a try and fire up the OSSIM agent. As expected, everything worked like a charm and getting OSSIM up & running was very easy. Here…

November 30, 2007 | Dominique Karg

MySQL performance tuning applied to OSSIM. Case 1.

I’d like to share my first actual success in MySQL tuning, after having spent a couple of days reading everything I could about the matter (and still waiting for the books to arrive). From what I’ve seen, a very important point in DB optimization is the right table design, followed by the right queries and finally…

November 28, 2007 | Dominique Karg

MySQL Performance Tuning

I’ve finally decided to learn everything I could about MySQL performance tuning; we’re working on highly tuned appliances and this is a must for high-traffic environments. I’d like to share my first findings on interesting stuff and encourage comments on the matter, which seems as deep as any science. These last days we’ve been discussing this…

November 26, 2007 | Dominique Karg

Plugin Tree && Graph installer update

I thought I’d post a plugin tree I just hacked together here. It uses a JavaScript library and could be useful to someone. I’m not posting the complete tree here since the page is about 1 MB in size. As a little extra, below is some sample output from the graph package installer. Pablo’s almost done…

November 25, 2007 | Dominique Karg

Tutorial 1: Host Inventory using OSSIM

This post will be the first of a series of tutorials describing how to accomplish certain useful things using OSSIM. A friendly IT teacher from Oklahoma suggested that it would be a good idea, and I have to agree. And on top, it’s relaxing 😊. So here we go: this first installment will focus on deploying…

November 24, 2007 | Dominique Karg

Installer updates.

Let’s get a first meaningful update running too. We have been working hard these last weeks to get the installer out and polish some outstanding issues. After the initial releases, our priorities are now focused on: getting an updater done (will be included with 1.0.4); fixing some remaining issues (two people have reported hangs at specific OS installation stages); …