March 5, 2008 | Dominique Karg

User feedback

I wanted to point you at two things that I think are important, things that we’ve been neglecting in the past months. IRC channel: we’ve ignored this way of communication for quite some time, but enough of that; I added a “fire up BitchX” post-it on my desk, so from now on I’…

February 22, 2008 | Dominique Karg

OSSIM Installer 1.0.4 released

After having written the whole thing, a reduced version for those with little time available seems in order. We’ve released OSSIM 0.9.9 this week, a release which was followed by a post to BugTraq [no longer available] regarding some XSS and SQL vulnerabilities present in OSSIM. After having fixed those vulnerabilities we’re…

February 15, 2008 | Dominique Karg

Installer / updater coming :-)

We’re proud to announce the soon-to-be-available 1.0.4 installer (versioning-wise it could be 1.1 or even higher because of all of the changes but, well, we called it 1.0.4), both as a standalone ISO image and as the updater. We’ve been working very hard the past months on this; the updater has been a nightmare. It’s…

January 17, 2008 | Dominique Karg

OSSIM applied to ITIL

Recently I stumbled across an interesting article talking about Microsoft, open source and ITIL where OSSIM was mentioned (the article can also be found by googling for “ossim itil microsoft” in case the link breaks). I’ve never been very keen on learning ITIL either (although I’ve heard about it everywhere during the last year) but…

January 1, 2008 | Dominique Karg

Greetings from Istanbul

After having spent five days in this nice city I wanted to say goodbye through a post. It’s the second time I’ve been here (sadly both times I had to work, but I’ll come back for fun someday, that’s for sure) and I really enjoyed the stay. This time I had a nicer hotel than last…

December 19, 2007 | Dominique Karg

Tutorial 5: Windows event logging

The Windows event log. As an introduction to Windows event logging I recommend reading the following article: Monitoring and Troubleshooting Using Event Logs. It’s the first interesting one I’ve found after googling for an introduction. Quoting the article, which also talks about EventCombMT.exe, which we’ll mention later: This article reviews best practices for…

December 18, 2007 | Dominique Karg

Tutorial 4: Correlation engine primer

Introduction. In order to answer a recent forum post [no longer available] I had to do some quick research, since it had been some time since I last tested this. The exact question was: Hello, Is there a document talking about how the directives are processed? One question that I have…

December 7, 2007 | Dominique Karg

Tutorial 3: First recommended steps after installation

This tutorial tries to show the first common steps you could perform if you’re new to OSSIM and have just finished installation, without knowing what to do next. The tutorial will cover: Policies; Initial Inventory Scans; Scheduled scans; What to do next. Many topics we’ll cover in this tutorial can be extended by checking the documentation wiki http:/…

December 6, 2007 | Dominique Karg

Tutorial 2: Syslog data mining with attached md5sum. AKA "Store 100% of data".

1. The need. The Hype. There’s obviously a need for storing vast amounts of logs, and few things today aren’t able to log to syslog. So it’s just obvious to stumble upon that request every once in a while, and this tutorial illustrates the OSSIM approach to massive syslog data storage. Of course, where you…

December 5, 2007 | Dominique Karg

A review of a commercial SIM

Some time ago, earlier this year, I had the opportunity to attend a conference where one of the leading SIM vendors (according to Gartner’s Magic Quadrant at least) talked about their product. Although my opinion will always be biased and I tend to compare all that I see in this area with OSSIM, I also believe that I’…

December 1, 2007 | Dominique Karg

OSSIM Mobile now available ;-)

Well, kind of at least… Since Apple’s iPhone is basically a stripped-down Mac OS X and it has some nice toys to play with, I thought I’d give the provided Python port a try and fire up the OSSIM agent. As expected everything worked like a charm and getting OSSIM up & running was very easy. Here…

November 30, 2007 | Dominique Karg

MySQL performance tuning applied to OSSIM. Case 1.

I’d like to share my first actual success with MySQL tuning, after having spent a couple of days reading everything I could about the matter (and still waiting for the books to arrive). From what I’ve seen, a very important point in DB optimization is the right table design, followed by the right queries and finally…