AT&T Cybersecurity Blog: Featured Post

Tracking an Infected Host Using OSSIM / USM with Customization

December 21, 2016 | Dmitry Shulinin
Search Our Blogs
Dmitry Shulinin

Dmitry Shulinin

Having completed over 8 years in the specialist field of information security and system administration I gained experience implementing different information security solutions like firewalls, IPS, antivirus systems, DLP and SIEM. I’ve also developed skills in detecting and mitigating attacks and conducting computer forensics. My interest in automation of processes and creating something new pushed me to learning scripting languages (bash) and python. The latter was also found to be very suitable in data analysis, which in conjunction with SIEM technologies, is my main interest at present.

December 21, 2016 | Dmitry Shulinin

Tracking an Infected Host Using OSSIM / USM with Customization

Good day everyone! Today I want to share the experience of tracking the activity of malicious software on a host with the help of OSSIM or USM, and some customization. Let’s look at a typical network of a small or mid-sized enterprise. For example, we have a few client PCs running Windows 7, 8, 10, and a domain controller which also acts…

Read more ›

Security Essentials
September 14, 2016 | Dmitry Shulinin

How to Use OSSIM / USM Active Lists with Python Scripts

Hello, dear Alien Nation and all the community! What I want to explore today is the so-called “active lists” functionality and how it can be implemented in USM/OSSIM. Let me explain what I call an “active list” with the following example. Let’s say we have some application (A) to which users log in do their work and then…

Read more ›

Security Essentials

Get the latest security news in your inbox.

Subscribe via email

RSS

August 25, 2016 | Dmitry Shulinin

Using Custom Functions in USM and OSSIM for Additional Parsing of Log Data

Good day everybody. Today I’m going to examine and explain the functionality of “custom functions”, used in OSSIM/USM parsers. Those are the functions meant to modify the data after the agent finishes parsing. There are several built-in functions such as: “resolv()”, which resolves the IP by hostname “normalize_date()” which normalizes the timestamp In the following example I…

Read more ›

Security Essentials

Effective January 15, 2021 AlienVault will be governed by the AT&T Communications Privacy Policy. You can read the new policy at att.com/privacy, and learn more here.

By using our website, you agree to our Privacy Policy & Website Terms of Use.