OSSIM Used and Trusted by over 195k security professionals
Today we will demonstrate an AlienVault OSSIM install on a virtual machine. AlienVault is one of the leading competitors when it comes to IDS and USM (unified security management) platforms. We will follow the instructions on the documentation pages, as that is the most effective way to install a test environment. In production you will of course need to consider different parameters. For example, if you want to process many events you will need a server or other machine capable of processing the data. Keep in mind that more workload means more firepower is needed, especially in larger environments.
Minimum System Requirements
For an installation of AlienVault OSSIM, the minimum system requirements are as follows:
- 2 CPU cores
- 4-8GB RAM
- 250GB HDD
- E1000 compatible network cards
To install AlienVault OSSIM
In your virtualization software, create a new VM instance using the ISO as the installation source. You can use either VMware or VirtualBox; both work fine.
Once you have started the new Debian 8.x 64-bit instance, select Install AlienVault OSSIM and press Enter.
The installation process takes you through a series of setup options. Choose the appropriate options for the following:
- Select Language
- Select Location
- Keymap to use
The installation then loads the necessary components and detects settings.
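The VM creation step and the minimum requirements above can be scripted for VirtualBox. This is an added example, not part of the original walkthrough or the AlienVault documentation; the VM name, ISO path and bridge adapter name are placeholders you supply, and 8 GB RAM with a bridged NIC are assumptions chosen for a lab.

```shell
#!/bin/sh
# Added example: plan a VirtualBox VM that meets the OSSIM minimums listed above
# (2 CPU cores, 4-8GB RAM, 250GB HDD, E1000-compatible NIC).
# Arguments (all placeholders): VM name, path to the OSSIM ISO, host bridge adapter.

# Print the VBoxManage commands one per line so they can be reviewed first.
ossim_vm_plan() {
    [ "$#" -eq 3 ] || { echo "usage: ossim_vm_plan NAME ISO BRIDGE_ADAPTER" >&2; return 2; }
    vm=$1 iso=$2 bridge=$3
    # The plan is plain text fed to a shell, so refuse values containing spaces.
    case "$vm$iso$bridge" in
        *" "*) echo "arguments must not contain spaces" >&2; return 1 ;;
    esac
    disk="$vm.vdi"
    cat <<EOF
VBoxManage createvm --name $vm --ostype Debian_64 --register
VBoxManage modifyvm $vm --cpus 2 --memory 8192
VBoxManage modifyvm $vm --nic1 bridged --bridgeadapter1 $bridge --nictype1 82540EM
VBoxManage createmedium disk --filename $disk --size 256000
VBoxManage storagectl $vm --name SATA --add sata
VBoxManage storageattach $vm --storagectl SATA --port 0 --device 0 --type hdd --medium $disk
VBoxManage storageattach $vm --storagectl SATA --port 1 --device 0 --type dvddrive --medium $iso
EOF
}

# Run the plan, but only if VirtualBox is installed and the ISO really exists.
ossim_vm_apply() {
    command -v VBoxManage >/dev/null 2>&1 || { echo "VBoxManage not found" >&2; return 1; }
    [ -f "$2" ] || { echo "ISO not found: $2" >&2; return 1; }
    plan=$(ossim_vm_plan "$@") || return $?
    printf '%s\n' "$plan" | sh -e
}
```

82540EM is VirtualBox's Intel PRO/1000 MT Desktop adapter, which belongs to the E1000 family, and 256000 is the disk size in megabytes (250 GB). Review the output of `ossim_vm_plan` before calling `ossim_vm_apply` with the same arguments.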
When the installation finishes, you will see the UI address for the IP address you set. Because it is a web-based interface, you will need to use a browser to access it.
Now that we can access the UI through a web browser, we will take a look around at some of the features available with OSSIM. Here you can see several options in the initial admin setup. Here you will need to configure the following
Once you complete the final stages you are ready to begin using the USM product. For the demo we used the default settings for testing purposes. Once you access the installation through the browser, you will need to complete the administrator account as seen below:
After this, we are prompted with a setup wizard, which will walk you through the final stages to get everything up and running. We will also post about using it and taking the initial setup steps with AlienVault OSSIM. There are many additional steps beyond this point that will be covered in the next post.
Tip: If you are having trouble, log back into the initial setup in your VM console, not the browser. Once you're back here:
Then select maintenance and troubleshooting > database > repair database. This will reset the DB for MySQL and you will gain access to the web interface. 🙂 This took me hours in a lab to overcome once, and I wanted to share it as I know it was frustrating years ago with my first experience using this.