In this tutorial, I’ll be installing and configuring AlienVault OSSIM, the open-source SIEM. Its current latest version is 4.14.0. I have downloaded its ISO image from the official AlienVault website; you may download AlienVault OSSIM from the official link given below:
AlienVault OSSIM Download: https://www.alienvault.com/open-threat-exchange/projects
Installation of AlienVault OSSIM:
Now I’ll demonstrate the OSSIM installation step by step.
1- First, burn the downloaded ISO image to a CD/DVD. I’m going to install OSSIM on a VMware ESXi virtual machine, so I don’t need to burn the image, as a virtual machine can boot directly from the ISO.
2- Boot from the ISO image or the CD/DVD.
3- Start the installation process and select the OSSIM Server option, not Sensor, as shown below.
4- Select the language to install OSSIM in; I’ll select English.
5- Select your country. If your country is not listed in the first list shown:
i) Select “Others”
ii) Click “Continue”
iii) Select your subcontinent
iv) Click “Next”
v) Select your country from the list shown
vi) Click “Next”
6- Select your locale.
7- Select the keyboard layout you use with your PC/server.
Configuration of OSSIM with the Getting Started Wizard:
1- Now access OSSIM in a web browser at the IP address shown on the OSSIM console; in my case it is https://192.168.1.5
2- Start the configuration wizard by clicking the “Start” button.
3- If there are multiple network interfaces, OSSIM will ask you to assign a role to each interface except the first one (which is assigned to Management by default).
If we set an interface to “Log Collection and Scanning”, OSSIM will ask for an IP address and subnet to assign to that interface, which it uses for capturing logs and scanning the perimeter.
4- On the next screen, “Asset Discovery”, OSSIM automatically scans the network for available hosts. We can manually re-scan, or add hosts one by one or from a CSV file.
5- On the next screen, OSSIM asks whether we want to install a host-based IDS (HIDS) on the discovered hosts (it only shows the Windows/Linux hosts we selected on the “Asset Discovery” screen).
It asks for a privileged user/password for HIDS deployment; click “Deploy” when ready to deploy the HIDS agent on those machines.
6- For the devices selected as “Network Device” on the “Asset Discovery” screen, OSSIM offers to capture their logs, so here we need to select the log vendor/model and version. Log collection is enabled for these hosts only if we click the “Enable” button after providing the required options.
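Before typing addresses into the step 3 screen, it helps to sanity-check the address plan for the management and log-collection interfaces. The script below is an added example, not code from this tutorial or from the OSSIM project; the interface names, roles and addresses in it are constructed. It uses only the standard-library ipaddress module to flag a host address that is actually the network or broadcast address, a mask that leaves nothing to scan, and subnets that overlap between interfaces (which would leave the appliance unable to route unambiguously). It also reports how many host addresses the Asset Discovery sweep on the collection interface will cover.

```python
"""Pre-flight check for the OSSIM wizard's interface addressing (step 3).

Added example, not part of the tutorial or the OSSIM project. All interface
names and addresses are constructed; the roles reuse the wizard's own wording
("Management", "Log Collection and Scanning").
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass
class InterfacePlan:
    name: str     # interface name as the wizard lists it, e.g. "eth1" (constructed)
    role: str     # "Management" or "Log Collection and Scanning"
    ip: str       # address to be typed into the wizard
    netmask: str  # subnet mask to be typed into the wizard


def check_interface(plan: InterfacePlan) -> list[str]:
    """Return the problems found with one interface entry (empty list = OK)."""
    problems: list[str] = []
    try:
        # ip_interface accepts "addr/mask" in dotted-mask form, as the wizard does
        iface = ipaddress.ip_interface(f"{plan.ip}/{plan.netmask}")
    except ValueError as exc:  # covers malformed addresses and non-contiguous masks
        return [f"{plan.name}: invalid address/mask: {exc}"]
    net = iface.network
    if net.prefixlen == 32:
        problems.append(f"{plan.name}: /32 mask leaves nothing to scan")
    elif iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{plan.name}: {iface.ip} is the network or broadcast address")
    if not iface.ip.is_private:
        problems.append(f"{plan.name}: {iface.ip} is not a private-range address; "
                        "sensor interfaces normally sit on internal segments")
    return problems


def check_plan(plans: list[InterfacePlan]) -> list[str]:
    """Check every interface and flag subnets that overlap between interfaces."""
    problems: list[str] = []
    for p in plans:
        problems.extend(check_interface(p))
    nets = {}
    for p in plans:
        try:
            nets[p.name] = ipaddress.ip_interface(f"{p.ip}/{p.netmask}").network
        except ValueError:
            continue  # already reported by check_interface
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap ({nets[a]} vs {nets[b]}); "
                                "the host cannot route unambiguously")
    return problems


def scan_scope(plan: InterfacePlan) -> int:
    """Number of host addresses Asset Discovery will sweep on this interface."""
    net = ipaddress.ip_interface(f"{plan.ip}/{plan.netmask}").network
    # exclude the network and broadcast addresses on ordinary subnets
    return max(net.num_addresses - 2, 1)


if __name__ == "__main__":
    # Constructed plan: management on 192.168.1.0/24 (as in the tutorial's URL),
    # log collection on a separate internal segment.
    plan = [
        InterfacePlan("eth0", "Management", "192.168.1.5", "255.255.255.0"),
        InterfacePlan("eth1", "Log Collection and Scanning", "10.10.20.5", "255.255.255.0"),
    ]
    for problem in check_plan(plan) or ["address plan looks consistent"]:
        print(problem)
    print("hosts in scan scope on eth1:", scan_scope(plan[1]))
```

Run it once with the values you intend to enter; an empty problem list means the wizard will accept a consistent plan, while an overlap warning is the one to fix before clicking through, since the wizard itself does not check it against the management network.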
AlienVault OSSIM has now been installed and configured. We may browse the OSSIM dashboard, as shown in the figure below, or continue with further configuration. Let’s click “Finish” and browse the OSSIM dashboard.