3. Index
- New Features and Enhancements
- New Installer
- Enhanced Usability
- New Vulnerability Management Interface
- ISO & PCI Compliance
- Unified Report Manager
- Asset Management, Search and Reporting
- SIEM Forensic Console Enhancements
- Full PCI Wireless Security compliance
- Netflow Analysis
- New data sources
- New menu organization
- Multiclient
- Logger
- Higher Performance and Increased Storage
- Upcoming Work
4. New installer
- 32-bit and 64-bit version
- Graphical installer
- Unattended installation
- VPN auto-setup
- Firewall auto-setup
- Update process improved
- Full multi-profile
- Automatic configuration of OSSIM components
- HTTPS enabled by default
- Software upgraded
- Packet capture improved (Pfring 1.0 in 32-bit and 64-bit version)
5. New Installer: Upgraded Software
- Linux kernel 2.6.31: support for the newest devices
- MySQL 5.1: greater performance and partitioning support
- PF_RING 4.0: can be used with vanilla kernels (no kernel patch required)
- OSSEC 2.3.1: real-time file integrity monitoring on Windows systems; support for monitoring command output (process monitoring)
- OpenVAS 3.0: WMI client support; new internal module architecture
6. Enhanced Usability
Easy access to a broad range of information about any host or network:
- Asset Report
- Alarms
- SIEM
- Logger
- Ticketing system
- Knowledge DB
- Vulnerabilities
- Network Monitor
- Availability Monitor
Right-click on any IP address or network to see the contextual menu.
7. Enhanced Usability
Ease of use
- Analysis/monitoring, reporting and configuration have been separated into different tabs.
- Advanced options and complex configurations have been separated from simple configuration options.
Help
- Each panel has its own link to the documentation/help.
8. Enhanced Usability
User templates
- Simplify permission assignment to users in OSSIM.
Floating windows
- New floating windows are now used to help navigation within the web interface.
9. New Vulnerability Management Interface
- Schedule scans
- Scanning profiles
- Scan summary
- Threats database
- Predefined scanning profiles
- Reporting in HTML, PDF and XLS
- Monitor scan status in real time
- Vulnerability scanner web configuration
12. ISO & PCI Compliance
Automated PCI DSS and ISO 27001 compliance reporting including:
- Threat overview
- Business real impact risks
- C.I.A. potential impact
- PCI-DSS trends
- ISO 27002 potential impact
- ISO 27001 directives mapped to compliance control objectives
13. Unified Report Manager
- Report management system built on JasperServer
- Reports in PDF, RTF and HTML format
- Reports can be sent via e-mail from the web interface
- Time frame selection when generating reports
14. Unified Report Manager
Access all reports from a single centralized location. Available reports:
- Asset Report
- SIEM Events
- Logger
- Alarms
- Business & Compliance (ISO, PCI)
- Metrics Report
- Geographic Report
- User activity
16. Asset Management, Search and Reporting
Asset Search
- Find all assets matching certain criteria
- Date frame selection
- Save predefined searches
- Advanced searches
- Auto completion
17. Asset Management, Search and Reporting
Advanced Asset Search
- Use logical operators to combine search criteria
- Predefined search criteria
- Advanced searches
- Multiple options in each criterion
- Auto completion
18. Asset Management, Search and Reporting
Asset Report
- Shows all the information regarding a host or network that can be found in OSSIM
19. SIEM Forensic Console Enhancements
- SIEM forensic database redesigned: faster analysis, storage capacity increased
- Search engine optimized
- Logical search (using AND & OR operators)
- Export query results in PDF format
- New filters: filter by country, filter by local networks
- Time frame selection using a calendar
- Extended information using event references
20. SIEM Forensic Console Enhancements
- Search using AND & OR (IP and signature)
- Export query results in PDF format
22. Full PCI Wireless Security compliance
Implements the necessary controls for full wireless PCI compliance: reporting system and wireless IDS (Kismet).
Reports:
- Networks
- Cloaked networks having uncloaked APs
- Encrypted networks having unencrypted APs
- Networks using weak encryption
- Suspicious clients
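The Kismet-based reports listed above (cloaked networks with an uncloaked AP, encrypted networks with an unencrypted AP, and networks using weak encryption) amount to grouping observed access points by SSID and flagging inconsistencies within each group. The following Python is an added example, not OSSIM's or Kismet's own code; the access point records are constructed and their field names are assumptions.

```python
from collections import defaultdict

# Constructed sample of access points as a wireless IDS such as Kismet would
# observe them, one record per BSSID. Field names are assumptions, not
# Kismet's native export format.
SAMPLE_APS = [
    {"ssid": "corp-pos",  "bssid": "00:11:22:33:44:01", "cloaked": True,  "encryption": "WPA2"},
    {"ssid": "corp-pos",  "bssid": "00:11:22:33:44:02", "cloaked": False, "encryption": "WPA2"},
    {"ssid": "corp-pos",  "bssid": "00:11:22:33:44:03", "cloaked": True,  "encryption": "None"},
    {"ssid": "warehouse", "bssid": "00:11:22:33:44:10", "cloaked": False, "encryption": "WEP"},
    {"ssid": "guest",     "bssid": "00:11:22:33:44:20", "cloaked": False, "encryption": "None"},
]

# WEP is the classic weak wireless encryption that PCI DSS prohibits.
WEAK_ENCRYPTION = {"WEP"}


def wireless_compliance_report(aps):
    """Group APs by SSID and derive the three per-network findings the PCI
    wireless reports list: inconsistent cloaking, inconsistent encryption
    and weak encryption. Returns {ssid: sorted list of finding names}."""
    by_ssid = defaultdict(list)
    for ap in aps:
        by_ssid[ap["ssid"]].append(ap)

    report = {}
    for ssid, members in by_ssid.items():
        findings = set()
        cloaked = {ap["cloaked"] for ap in members}
        encrypted = {ap["encryption"] != "None" for ap in members}
        # A network counts as cloaked if any AP hides its SSID; a second AP
        # broadcasting the same SSID in the clear defeats that.
        if cloaked == {True, False}:
            findings.add("cloaked_network_with_uncloaked_ap")
        # Likewise an open AP on an otherwise encrypted network.
        if encrypted == {True, False}:
            findings.add("encrypted_network_with_unencrypted_ap")
        if any(ap["encryption"] in WEAK_ENCRYPTION for ap in members):
            findings.add("weak_encryption")
        report[ssid] = sorted(findings)
    return report


if __name__ == "__main__":
    for ssid, findings in wireless_compliance_report(SAMPLE_APS).items():
        print(f"{ssid}: {', '.join(findings) or 'ok'}")
```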
23. Netflow Analysis
- Netflow monitoring and management
- Integration of Nfdump and NfSen
- Netflow collection from network devices
- Fprobe auto-configured to collect logs in the OSSIM collectors
24. Netflow Analysis
- Easy configuration interface
- Complex Netflow analysis and plugin support
25. New data sources
- Cisco SDEE: application-level communications protocol used to exchange events with Cisco devices
- Snort Unified2: Snort 3.0 and Suricata engine supported
- WMI agentless collection: Windows Management Instrumentation
- New supported devices and applications: Astaro, Vyatta, SiteProtector, TippingPoint, Juniper VPN, RedBack, NetScreen IDP, Kismet, LucentBrick, ...
26. New Menu Organization
- Dashboards: high-level information (charts, graphs and risk maps)
- Incidents: medium-level information (alarms, ticketing system and knowledge DB)
- Analysis: low-level information (SIEM events and data mining, Logger and vulnerabilities)
- Reports: Report Manager
- Assets: inventory, asset search and OSSIM components
27. New Menu Organization
- Intelligence: policy, actions, correlation rules and compliance mapping
- Monitors: information in real time (network, usage and availability)
- Configuration: users, collection configuration and database upgrades
- Tools: backup, tools download and network discovery system
28. Multiclient
- Multi company/department management capabilities
- Multi-hierarchical deployments
Only available when using AlienVault Professional SIEM.
29. Logger
- New graphs and statistics
- Reports on the information stored in the Logger
- Logical operators in Logger search
- Faster access to the information stored in the Logger
Only available when using AlienVault Professional SIEM.
30. Logger
- Select the time frame easily by clicking on graphs or using a calendar
- Digitally signed logs can be exported to be verified using an external application
- Improved search syntax
Only in AlienVault Professional SIEM.
31. Higher Performance and Increased Storage
- Database redesigned to increase performance and storage capacity
- Improved multithread support in OSSIM Server
- Multi-insertion to reduce database queries
- Faster processing of events
Only available when using AlienVault Professional SIEM.