Just knocked one of these up on a VM myself. All that was required was the
network settings; it is now sitting quite happily sniffing away on a web
interface. Much better than that POS called Mutiny that we had when I
started here.

2009/3/31 René de Haas <rene.deh...@woodward.com>

>  http://www.ossim.com/home.php?id=download
>
>
>
> Use the ossim-installer.iso to build a system from scratch.
>
>
>
> From the website:
>
> “Below you'll find the AlienVault OSSIM Installer we've developed. Taking
> an empty host (even a virtual machine) this installer will erase and
> partition the disk and install everything you need to have an OSSIM up and
> running in under ten minutes. This installer includes all the software as
> well as the operative system, so you don't need anymore to install the
> components separately”
>
> René
>
>
>
> *From:* Jon Harris [mailto:jk.har...@gmail.com]
> *Sent:* Monday, March 30, 2009 9:56 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Conflicker detector
>
>
>
> Too bad it is designed only for use on VMware.  It might be worth the
> effort to see if I can get it ported to work on Hyper-V as well.
>
>
>
> Jon
>
> On Mon, Mar 30, 2009 at 2:55 PM, Matt Plahtinsky <mplahtin...@gmail.com>
> wrote:
>
> Found it!  http://www.ossim.net/  It combines a ton of tools into one
> console.  Looks promising.
>
>    - Arpwatch, used for mac anomaly detection.
>    - P0f, used for passive OS detection and os change analysis.
>    - Pads, used for service anomaly detection.
>    - Nessus, used for vulnerability assessment and for cross correlation
>    (IDS vs Security Scanner).
>    - Snort, the IDS, also used for cross correlation with nessus.
>    - Spade, the statistical packet anomaly detection engine. Used to gain
>    knowledge about attacks without signature.
>    - Tcptrack, used for session data information which can grant useful
>    information for attack correlation.
>    - Ntop, which builds an impressive network information database from
>    which we can get aberrant behaviour anomaly detection.
>    - Nagios. Being fed from the host asset database it monitors host and
>    service availability information.
>    - Osiris, a great HIDS.
>    - OCS-NG, Cross-Platform inventory solution.
>    - OSSEC, integrity, rootkit, registry detection and more.
>
>
>
> On Mon, Mar 30, 2009 at 11:32 AM, Matt Plahtinsky <mplahtin...@gmail.com>
> wrote:
>
> I can't remember the name of it, but about a year ago I played with a
> downloadable VM or ISO that was a fully functional security suite that ran
> SNORT and a ton of other security programs and network monitors.  I think it
> ran on some form of nix but it had a GUI front end.  Wish I could remember
> the name of it.......
>
>
>
> On Mon, Mar 30, 2009 at 8:45 AM, James Rankin <kz2...@googlemail.com>
> wrote:
>
> Does Snort have any signatures for detecting the likes of this?
>
> I have used it in the past for low-cost IDS    http://www.snort.org/
> Unfortunately not Windows-based tho
>
> 2009/3/30 Glen Johnson <gjohn...@vhcc.edu>:
>
> > We need to set up something that will detect this virus and possibly any
> > future virus outbreaks.
> >
> > We’ve got av on the computers but I’d like some kind of monitoring system.
> > Preferably windows based as we don’t have any nix experience.
> >
> > I had a ntop extra box running but I read that it is no longer supported.
> >
> > Maybe an IDS or something.
> >
> > Any suggestions, experiences or horror stories?
> >
> > Low or no cost would be good but is not mandatory.
> >
> >
> >
> >
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
