Objectives

You will understand how to deploy and work with AlienVault in OSSIM

Why you need to know

As a network admin, you need to monitor the servers in your organization's network. To do that, you deploy OSSIM and track the issues it finds as tickets.

What is OSSIM and AlienVault

OSSIM (Open Source Security Information Management) is an open source security information and event management (SIEM) system. It integrates a selection of tools designed to help network admins with security monitoring, intrusion detection, and prevention. AlienVault is the vendor that develops OSSIM, and a ticket is an element of AlienVault OSSIM that holds information about a detected alarm or any other issue you want to track through a workflow.

Network Topology

Demo (Host scan)

1: Log in to the Domain Controller.

2: Launch any browser, type https://10.0.0.104 (AlienVault) in the address bar, and press Enter.

3: The AlienVault OSSIM screen appears. Hover your mouse cursor over Environment and click Assets & Groups.

4: Click the Networks tab. Click the Add Network node and then click Add Network.

5: The New Network pop-up appears. Type Domain Controller in the Name field, type 10.0.0.101/24 in the CIDR text box, leave the other settings at their defaults, and save.

6: Click the Actions node and then click Run Asset Scan.

7: Leave the settings at their defaults and click Start SCAN.

8: You can see the result of the scan.

Demo (Incident response)

1: Log in to the Domain Controller.

2: Type https://10.0.0.104 in the browser.

3: To view tickets, hover your mouse cursor over ANALYSIS and click TICKETS in the context menu.

4: You can see the existing tickets.

5: To create a new ticket, choose the ticket type from the “Open a new ticket manually” drop-down and click Create (here, Vulnerability).

6: Fill in the required details in the NEW TICKET section and save.

7: The newly created ticket is added to the list of tickets with the status Open.

8: Open the new ticket (Vulnerability). As a network admin, you troubleshoot the problem and resolve the issue. Once the issue is resolved, you go back to the corresponding ticket and update its status.

9: If the problem is solved, scroll down on the ticket details page, choose Close in the Status field, and save.

10: You can see that the ticket's status has changed.

Conclusion

You learned how to scan a host and create a ticket with AlienVault OSSIM.