Improve Threat Detection with OSSEC and AlienVault USM
About AlienVault
AlienVault has unified the security products, intelligence and
community essential for mid-sized businesses to defend against
today’s modern threats
Agenda
OSSEC capabilities
AlienVault USM capabilities
Demo – See it in action
• Remote OSSEC agent deployment, configuration and management
• Behavioral monitoring of servers and workstations
• Logging and reporting for PCI compliance
• Data correlation with IP reputation data, vulnerability scans and more
• Correlating OSSEC events to detect attacks
OSSEC & AlienVault USM
Learning the Basics…
OSSEC capabilities
Log-analysis-based intrusion detection
File integrity checking
Registry key integrity checking (Windows)
Signature-based malware/rootkit detection
Real-time alerting and active response
OSSEC Architecture
Agent components:
Logcollectord: Reads logs (syslog, WMI, flat files)
Syscheckd: File integrity checking
Rootcheckd: Malware and rootkit detection
Agentd: Forwards data to the server
Server components:
Remoted: Receives data from agents
Analysisd: Processes data (main process)
Monitord: Monitors agents
USM Platform
Integrated, Essential Security Controls
ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
SECURITY INTELLIGENCE/SIEM
• SIEM Event Correlation
• Incident Response
THREAT DETECTION
• Network IDS
• Host IDS
• File Integrity Monitoring
AlienVault USM Architecture
Embedded tools:
Asset discovery: Nmap, Prads
Behavioral monitoring: Netflow, Ntop, Nagios
Threat detection: Snort, Suricata, OSSEC
Vulnerability assessment: OpenVAS
External collectors:
Syslog
WMI
SDEE
AlienVault Event Correlation
AlienVault USM correlates events from multiple sources, cross-referencing OSSEC alerts
with information collected from embedded detectors and external sources.
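The correlation described above, as an added example that is not part of the original deck or of the USM product: constructed OSSEC-style sshd alerts are cross-referenced with a constructed IP reputation list (external source) and constructed vulnerability-scan findings (embedded detector), so that repeated failures followed by a success from a known-bad source against a host with an open finding is raised as a higher-priority incident. The alert fields, rule ids, thresholds and sample values are all assumptions made for this example.

```python
from collections import defaultdict

# Constructed OSSEC-style alerts, not real captures:
# (timestamp, rule_id, level, srcip, dstip, description)
ALERTS = [
    (100, 5716, 5, "203.0.113.7", "10.0.0.5", "sshd: authentication failed"),
    (101, 5716, 5, "203.0.113.7", "10.0.0.5", "sshd: authentication failed"),
    (102, 5716, 5, "203.0.113.7", "10.0.0.5", "sshd: authentication failed"),
    (103, 5716, 5, "203.0.113.7", "10.0.0.5", "sshd: authentication failed"),
    (105, 5715, 3, "203.0.113.7", "10.0.0.5", "sshd: authentication success"),
    (200, 5716, 5, "198.51.100.9", "10.0.0.6", "sshd: authentication failed"),
    (201, 5715, 3, "198.51.100.9", "10.0.0.6", "sshd: authentication success"),
]
# Constructed context: an external IP reputation feed and an embedded scanner's findings.
IP_REPUTATION = {"203.0.113.7": "scanning-host"}
VULN_SCAN = {"10.0.0.5": ["outdated OpenSSH"]}

FAIL_RULE, SUCCESS_RULE = 5716, 5715   # assumed rule ids for the two sshd events
FAIL_THRESHOLD, WINDOW = 3, 60         # assumed: 3 failures within 60 seconds

def correlate(alerts, reputation, vulns, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Raise an incident when >= threshold failures from one srcip against one dstip
    are followed within `window` seconds by a success from the same srcip; the
    priority is escalated by source reputation and by open findings on the target."""
    fails = defaultdict(list)          # (srcip, dstip) -> failure timestamps
    incidents = []
    for ts, rule, level, src, dst, desc in sorted(alerts):
        key = (src, dst)
        if rule == FAIL_RULE:
            fails[key].append(ts)
        elif rule == SUCCESS_RULE:
            recent = [t for t in fails[key] if ts - t <= window]
            if len(recent) >= threshold:
                priority = 2           # base: login succeeded after repeated failures
                reasons = [f"{len(recent)} failures then success within {window}s"]
                if src in reputation:  # external source: IP reputation
                    priority += 2
                    reasons.append(f"srcip reputation: {reputation[src]}")
                for finding in vulns.get(dst, []):  # embedded detector: scan findings
                    priority += 1
                    reasons.append(f"target finding: {finding}")
                incidents.append({"srcip": src, "dstip": dst,
                                  "priority": priority, "reasons": reasons})
            fails[key].clear()         # a success closes the failure sequence
    return incidents

if __name__ == "__main__":
    for incident in correlate(ALERTS, IP_REPUTATION, VULN_SCAN):
        print(incident)
```

The second source in the sample produces no incident: a single failure before a success is below the threshold, which is the kind of noise that correlation is meant to suppress.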
OSSEC Management Interface
AlienVault USM provides a comprehensive GUI for OSSEC alerts management:
• Status monitor
• Events viewer
• Agents control manager
• Configuration manager
• Rules viewer/editor
• Logs viewer
• Server control manager
• Deployment manager
Let’s See It In Action
888.613.6023
ALIENVAULT.COM
CONTACT US
HELLO@ALIENVAULT.COM
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site
Now for some Q&A…
Questions? Hello@AlienVault.com
Twitter : @alienvault