I've been playing around with OSSIM as a SIM product.
Some comments.
1) It does nicely integrate many open source tools.
2) Install is easy - but it overwrites an entire disk. There
is no obvious way to install it on top of an OS, or install
it as a dual-boot system.
I installed it in a VM environment. I tried Sun's VirtualBox,
and it worked for a while. But I'm trying to manage
multiple ethernet interfaces, USB drives, and shared folders,
and that is not working well at all. I'm going to give up on
VirtualBox on a Windows XP system. I'll try a native OSSIM
install on a spare disk, after disconnecting the current disks.
3) It bothers me that "AlienVault Professional SIEM now offers
30 times the performance of OSSIM for any traffic type."
This suggests to me that improvements are not going back into
Open Source, and that the 95% open source OSSIM product is
essentially crippleware. As one example, they forked
ACID/BASE and the improvements were not integrated back into
the BASE source code.
It's not clear that investing in the product will have any indirect
benefit to non-OSSIM users.
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com