OSSIM Components Overview

OSSIM Functional Components

- Server: the core of the SIEM
- Framework: connects everything together
- Sensor: collects information
- Database: storage for other components
- Logger (Commercial Only): complete log storage
Server
Server is the central component of OSSIM, and performs the key SIEM functions:

- Event Correlation
- Risk Assessment and Prioritization
- Inventory and Identity Management
- Alarms and Scheduling
- Policy Management
- Reputation Engine
Framework
Framework manages OSSIM components and connects them together.

- Provides the Web User Interface
- Manages OSSIM component configurations and communication
Database
Handles storage for inventory data, configuration and SIEM events.

- SIEM Event Storage
- Asset Storage
- Continuous Data (netflow, etc.) storage
- Run-time OSSIM Configurations
Sensor (+Agents)
The information-gathering component of OSSIM. Agents collect logs and events from external devices and OSSIM monitoring components, using Plugins for each type of information they will collect.

- Log Collection
  - Fetch and Receive
- Network Monitoring
  - Network Traffic Monitoring
  - Network Intrusion Detection
  - Asset Detection
  - Host Intrusion Detection
  - Wireless Intrusion Detection
Logger [Commercial Only]
The Server stores only the log events that are of interest to security analysis, filtering out everything that is not significant. The Logger additionally stores the log in raw format for forensic and compliance purposes and for archival searches.

- Indexed for full-text searches
- Cryptographically signed log messages
- Additionally accessible as raw text
- Designed for long-term storage
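To show what "cryptographically signed log messages" buy a forensic reviewer, here is an added example (not OSSIM's own Logger code, which the page does not show) of a hash-chained, HMAC-signed record store in Python: the key, the helper names and the sample syslog lines are constructed for this illustration.

```python
import hashlib
import hmac
import json

# Demonstration key, constructed for this example; a real logger would keep
# the signing key in an HSM/KMS, never alongside the log files it protects.
SIGNING_KEY = b"example-logger-signing-key"
GENESIS = "0" * 64  # link value carried by the first record of a chain

def mac_for(body):
    # HMAC-SHA256 over a canonical (sorted-key) JSON encoding of the record body
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()

def append_record(chain, raw_line):
    # Each record links to the previous record's MAC, so editing, deleting or
    # reordering stored lines breaks verification.
    prev = chain[-1]["mac"] if chain else GENESIS
    body = {"seq": len(chain), "prev": prev, "raw": raw_line}
    record = dict(body, mac=mac_for(body))
    chain.append(record)
    return record

def verify_chain(chain):
    # Returns (True, None) if every record is authentic and correctly linked,
    # otherwise (False, index of the first record that fails).
    prev = GENESIS
    for index, record in enumerate(chain):
        body = {k: record[k] for k in ("seq", "prev", "raw")}
        if (record["seq"] != index or record["prev"] != prev
                or not hmac.compare_digest(mac_for(body), record["mac"])):
            return False, index
        prev = record["mac"]
    return True, None

# Constructed sample of raw syslog lines as a sensor might forward them.
SAMPLE_LINES = [
    "Jan 10 12:00:01 fw1 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=10.0.0.1",
    "Jan 10 12:00:02 web1 sshd[1234]: Failed password for root from 10.0.0.9",
    "Jan 10 12:00:03 web1 sshd[1240]: Accepted publickey for admin from 10.0.0.7",
]

def demo():
    chain = []
    for line in SAMPLE_LINES:
        append_record(chain, line)
    edited = [dict(r) for r in chain]
    edited[1]["raw"] = edited[1]["raw"].replace("Failed", "Accepted")
    deleted = chain[:1] + chain[2:]  # record 1 silently dropped
    return verify_chain(chain), verify_chain(edited), verify_chain(deleted)
```

Because an HMAC is verified with the same key that produced it, an auditor needs that key; a public-key signature over each record lets third parties verify without it.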
Open Source Software in the OSSIM Architecture
Within each of the components of OSSIM lies a selection of open-source security software. Some are part of the core Framework; others reside on the Sensors, which may be distributed over the network to provide visibility.

Server/Framework:
- Nagios
- OCSInventory
- NFSen
- Ntop (interface)

Sensor:
- Snort
- Nfcap/Fprobe
- P0f
- Pads
- Arpwatch
- Ntop
- Nmap
- OpenVAS
- OSSEC
- Kismet