Wednesday , December 19 2018

Installing and Configuring AlienVault OSSIM OpenSource SIEM

In this tutorial, I'll be installing and configuring AlienVault OSSIM OpenSource SIEM. Its current latest version is 4.14.0. I downloaded the ISO image from the official AlienVault website; you may download AlienVault OSSIM from the official link given below:

Installation of AlienVault OSSIM:

AlienVault OSSIM Download: https://www.alienvault.com/open-threat-exchange/projects

Now I'll demonstrate the OSSIM installation step by step.

1- First of all, burn the downloaded ISO image to a CD/DVD. I'm going to install OSSIM on a VMware ESXi virtual machine, so I don't need to burn the image, as a virtual machine can boot directly from the ISO.

2- Boot from the ISO image or CD/DVD.

3- Start the installation process and choose to install the OSSIM Server, not the Sensor, as shown below.

[Screenshot: Installation-1]

 

4- Select the language you want OSSIM installed in; I'll select English.

[Screenshot: Installation-2]

5- Select your country. If your country is not listed in the first list of countries shown:

i) Select "others"

ii) Click "continue"

iii) Select your "Subcontinent"

iv) Click "Next"

v) Select your country from the list shown

vi) Click "Next"

[Screenshot: Installation-3]

6- Select your locale.

[Screenshot: Installation-4]

7- Select the keyboard layout you use with your PC/server.

[Screenshot: Installation-5]
8- Setup will now load the components required for the installation from the CD/DVD or the ISO image (in the case of a virtual machine).

[Screenshot: Installation-6]
9- If you have more than one network interface card, as is recommended, you'll be asked to select the primary interface to be used for management. The others will be configured later in the configuration wizard.

[Screenshot: Installation-7-NetworkInterfaces]
10- Provide the desired IP address for OSSIM, its subnet mask, the default gateway and the DNS server IPs of your network, as shown below.

[Screenshot: Installation-8-NetworkConfig]
11- Enter a password for the root user; it is used for terminal/console access.

[Screenshot: Installation-9-RootPass]
12- The installation of OSSIM will now begin. It takes quite a long time to complete, depending on the configuration of the server.

[Screenshot: Installation-10-Started]
13- When the installation is complete, OSSIM will reboot automatically and show the following screen, which displays the IP address at which the OSSIM web interface can be accessed.

[Screenshot: Installation-11-Console]

Configuration of OSSIM by Getting Started Wizard:

1- Access OSSIM in a web browser at the IP shown on the OSSIM console; in my case it is https://192.168.1.5

2- Start the configuration wizard by clicking the "Start" button.

[Screenshot: Config-1-Start]
3- If there are multiple network interfaces, OSSIM will ask you to assign a function to each interface except the first one (which is assigned to management by default).
If we select an interface as "Log Collection and Scanning", OSSIM will ask for an IP address and subnet to assign to this interface for capturing logs and scanning the perimeter.

[Screenshot: Config-2-NetworkAssign]

[Screenshot: Config-3-NetworkConfigOK]

4- On the next screen, "Asset Discovery", OSSIM will automatically scan for the hosts available on the network. We can manually re-scan, or add hosts one by one or from a CSV file.

[Screenshot: Config-4-Assets]
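When hosts are added from a CSV file rather than picked up by the scan, it is worth checking the list before importing it: a mistyped address or a host from the wrong subnet becomes an asset that OSSIM will then scan and try to deploy HIDS to. The script below is an added example (not part of the original post or of OSSIM itself) that validates a constructed inventory against the management subnet chosen in installation step 10 and renders the accepted hosts as CSV. The column layout in CSV_HEADER is an assumption about OSSIM's asset-import format; compare it with the CSV template your OSSIM version provides before importing.

```python
"""Added example (not part of the original post): sanity-check an asset list
and render it as a CSV for the "add hosts from CSV" option on the Asset
Discovery screen.  The column layout in CSV_HEADER is an assumption about
OSSIM's import format; compare it with the template your OSSIM version
provides before importing."""
import csv
import io
import ipaddress

# Assumed OSSIM asset-import layout: semicolon-delimited, every field quoted.
CSV_HEADER = ["IPs", "Hostname", "FQDNs", "Description", "Asset Value",
              "Operating System", "Latitude", "Longitude", "Host ID",
              "External Asset", "Device Type"]


def validate_assets(assets, mgmt_network):
    """Return (accepted, problems) for a list of asset dicts.

    mgmt_network is the subnet configured at installation (step 10 above).
    Hosts outside it, invalid addresses, duplicates and out-of-range asset
    values are reported rather than silently imported.
    """
    net = ipaddress.ip_network(mgmt_network, strict=False)
    seen = set()
    accepted, problems = [], []
    for asset in assets:
        try:
            ip = ipaddress.ip_address(asset["ip"])
        except ValueError:
            problems.append(f"{asset['ip']}: not a valid IP address")
            continue
        if ip in seen:
            problems.append(f"{ip}: duplicate entry")
            continue
        if ip not in net:
            problems.append(f"{ip}: outside {net}, check before importing")
            continue
        value = int(asset.get("value", 2))
        if not 0 <= value <= 5:  # OSSIM asset values range from 0 to 5
            problems.append(f"{ip}: asset value {value} not in 0..5")
            continue
        seen.add(ip)
        accepted.append(asset)
    return accepted, problems


def assets_to_csv(assets):
    """Render accepted assets as CSV text in the assumed import layout."""
    buf = io.StringIO()
    writer = csv.writer(buf, delimiter=";", quoting=csv.QUOTE_ALL,
                        lineterminator="\n")
    writer.writerow(CSV_HEADER)
    for a in assets:
        writer.writerow([a["ip"], a["hostname"], "", a.get("description", ""),
                         a.get("value", 2), a.get("os", ""), "", "", "",
                         "0", a.get("device_type", "")])
    return buf.getvalue()


# Constructed sample inventory: three good hosts plus three typical mistakes.
SAMPLE_ASSETS = [
    {"ip": "192.168.1.10", "hostname": "dc01", "os": "Windows",
     "device_type": "Server", "value": 4},
    {"ip": "192.168.1.20", "hostname": "web01", "os": "Linux",
     "device_type": "Server", "value": 3},
    {"ip": "192.168.1.1", "hostname": "fw01", "device_type": "Network Device",
     "value": 5},
    {"ip": "192.168.1.20", "hostname": "web01-again"},   # duplicate IP
    {"ip": "10.0.0.7", "hostname": "stray"},             # wrong subnet
    {"ip": "192.168.1.999", "hostname": "typo"},         # not an address
]

if __name__ == "__main__":
    ok, bad = validate_assets(SAMPLE_ASSETS, "192.168.1.5/24")
    for line in bad:
        print("skipped:", line)
    print(assets_to_csv(ok))
```

Run it as-is to see the three rejected entries and the CSV for the three accepted ones; replace SAMPLE_ASSETS with your own inventory and the subnet argument with the one you gave OSSIM in step 10.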
5- On the next screen, OSSIM will ask whether we want to install a host-based IDS (HIDS) on the scanned hosts (it will only show the Windows/Linux hosts we selected on the "Asset Discovery" screen).
It will ask for a privileged user/password for the HIDS deployment; click "Deploy" when ready to deploy HIDS on the agent machines.

[Screenshot: Config-5-HIDS]
6- For the devices that were selected as "Network Device" on the "Asset Discovery" screen, OSSIM offers to capture their logs, so here we need to select each one's log vendor/model and version. Log collection is enabled for these hosts only if we click the "Enable" button after providing the required options.

[Screenshot: Config-6-NetworkSyslogs]
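Once a network device has been enabled here, the quickest way to confirm that its logs can actually reach OSSIM (firewall rules, the right interface, the right port) is to send one well-formed syslog datagram from that device's network and look for it in OSSIM's raw logs. The script below is an added example, not part of the original post or of OSSIM; it builds an RFC 3164-style message, decodes the PRI header the way a collector has to, and sends the message over UDP. It assumes OSSIM listens on UDP port 514 and that COLLECTOR_IP (a placeholder) is the address given to the "Log Collection and Scanning" interface in step 3.

```python
"""Added example (not part of the original post): send a constructed syslog
test message to the OSSIM log-collection interface to confirm it receives what
a network device would send.  Assumes OSSIM listens on UDP port 514 and that
COLLECTOR_IP (a placeholder) is the address given to the "Log Collection and
Scanning" interface in step 3."""
import socket
from datetime import datetime

COLLECTOR_IP = "192.168.2.5"   # placeholder for your log-collection interface
SYSLOG_PORT = 514

# Facility and severity codes from RFC 3164 (subset); PRI = facility * 8 + severity.
FACILITIES = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "syslog": 5,
              "local0": 16, "local1": 17, "local2": 18, "local3": 19,
              "local4": 20, "local5": 21, "local6": 22, "local7": 23}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
              "notice": 5, "info": 6, "debug": 7}


def build_syslog_message(facility, severity, hostname, tag, text, when=None):
    """Return an RFC 3164-style datagram: <PRI>Mmm dd hh:mm:ss HOST TAG: TEXT."""
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    when = when or datetime.now()
    # RFC 3164 wants a space-padded day ("Dec  9"), which %d would zero-pad.
    stamp = f"{when.strftime('%b')} {when.day:2d} {when.strftime('%H:%M:%S')}"
    return f"<{pri}>{stamp} {hostname} {tag}: {text}".encode("ascii", "replace")


def parse_pri(message):
    """Decode the PRI header of a datagram into (facility, severity).

    Raises ValueError on a malformed header, which is what a collector has to
    cope with when a device is misconfigured.
    """
    if not message.startswith(b"<") or b">" not in message[:5]:
        raise ValueError("missing or malformed PRI header")
    pri = int(message[1:message.index(b">")])
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI {pri} out of range")
    return divmod(pri, 8)


def send_test_message(message, collector_ip=COLLECTOR_IP, port=SYSLOG_PORT):
    """Send one datagram to the collector; returns the number of bytes sent."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        return sock.sendto(message, (collector_ip, port))
    finally:
        sock.close()


if __name__ == "__main__":
    msg = build_syslog_message("local4", "info", "fw01", "ossim-test",
                               "test message from the firewall to OSSIM")
    print(msg.decode())
    print("facility, severity =", parse_pri(msg))
    print("sent", send_test_message(msg), "bytes to", COLLECTOR_IP)
```

A message like this confirms transport only: OSSIM will store it as a raw log, but the vendor/model plugin chosen in this step will only produce events for messages in that vendor's own format, so once the test message shows up, check that a real log line from the device is parsed as well.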
7- On the next screen, OSSIM will ask for an OTX (Open Threat Exchange) registration token. Registration is free, and it is required for automatically updating the latest threat signatures.

[Screenshot: Config-7-OTX]
8- Click "Finish", or "Skip" to bypass this step and finish the configuration wizard.

AlienVault OSSIM OpenSource SIEM has now been installed and configured. We may now browse the OSSIM dashboard, shown in the figure below, or continue with further configuration. Let's click Finish and browse the OSSIM dashboard.

[Screenshot: OSSIM_Dashboard]

What’s Next:

– Configuring OSSEC Clients to monitor with AlienVault OSSIM

– Configuring Nagios Plugins on Windows/Linux hosts to monitor with AlienVault OSSIM

– Configuring Snare Agents on Windows & Linux hosts to monitor them with AlienVault OSSIM

About Muhammad Attique


3 comments

  1. Thank you 🙂

  2. Please, do you have information about the configuration of Snort on OSSIM? Can you share it with me? Or with Suricata?
