DK 'Log

I'm posting less and less and it's not for lack of interesting stuff to post but because of the underlying platform. I'll stop using this old site where I had (have right now) to edit html manually and will move to something much more comfortable: blogspot.com

See you from now on at alienvault.blogspot.com (glad I could snatch the name ;-) ).

I'm not dead nor is the blog, it's just that twitter is so much easier for busy/lazy people

I intend to write four more tutorial series pretty soon, namely

• Netflow stuff
• Kismet stuff
• OpenVPN inter-component config, setup and tricks
• Multiuser samples/setup

I hope to be able to bring out one every two weeks aprox, let's see how that works.

A quick saturday update. We just released OSSIM 2.2 with a ton of new features, have a look here. New screenshots and videos up on AlienVault too.

This release is quite complex featuring a whole lot of new features as well as a rewrite of old ones. Please don't hesitate posting on the forums if you've got any doubt or catch any bug.

I know I haven't been very active on the forums myself (what the heck, weren't able to answer during the last months) but the whole devel team @Alienvault will make an extra effort there too in order to make this the best release we had so far. At a technical level it is without a doubt.

I for myself am very excited, RSA and BSidesSF next week :-))).

Wow, almost March and my first post this year, need to care a bit more about this. Lot of things are happening around OSSIM, AlienVault and myself these months.

First, we finished a big funding round early this year which finally will enable us to consolidate OSSIM as a leader in the SIEM space (at least that's the idea :-) ). We're going to invest a lot into development but more importantly into community care, documentation and all those things that wrap around the product.

Another big thing will be the imminent release of 2.2, with tons of new features. Check out the documentation link above which will lead you to http://www.youtube.com/alienvaulttv.

More things related to this funding is the establishment of AlienVault USA. For a start I'll be travelling a lot between Europe and the US, attending conferences, giving talks and scoping the market over there. San Francisco Bay Area is the chosen location for this move.

For a start we'll be having a small booth at RSA 2010l, booth #553 (check the floorplan, count four booth clusters to the right from the upper left corner). I'm very excited about this, looks like this is one of the largest and most interesting security vendor conferences available, and we'll be there. (Going to be there with our CEO and VP Sales). As a said note, in order not get too harassed by spam around me I'll spend a couple of days midst week at the BSidesSF, where I hope I'll be able to do a quick lightning talk :-)

That's all for now, next time I'll be writing from the sunny beach of Santa Cruz :)))

Just a short post in order to wish everybody a happy 2010. 2009 has been an awesome year for OSSIM and 2010 promises to be even better; hope it's been as this for all of you too. Will be updating on that after holidays.

As said, happy new year! :-)

School year is starting again and so were I feeling too after coming back from the beach :-). Relax time is over tho and there's a lot of exciting stuff going on around AlienVault/OSSIM.

First of all I'd like to mention our new look&feel. After releasing 2.1 we decided the web should be undergoing a long-needed revamp, so here it is. As you may have noticed too, we unified the looks of the original ossim.net site and integrated it into the community section, very much like MySQL does (was inspired on them actually).

Another important addition is the new Roadmap. Now that we're becoming a serious project with a serious company behind, we've got to take care of things like these which we might have neglected in the past.
You'll see that the next major release, 2.2, is scheduled for the 15th of February 2010. We're already working on the items planned for that, and I wanted to share a quick screenshot of what will be the unified report for hosts and networks. Basically you'll be able to right click on any host anywhere on the system and get out a quick overview of anything that the system knows about it. Here are two quick screenshots (work in progress ofc):

Anyway, this is just one of the many improvements there will be, so stay tuned...

Now comes the shameless plug. As part of the website redesign we also started to launch the online courses and training at elearning.alienvault.com. Right now there are only two courses available, the "OSSIM Essentials" and "Build your own plugin" ones. If this initiative succeeds we'll continue to invest into it and prepare all the others, which in the end should cover all the material covered by the presential courses.
Prices are really cheap for promotion, 50 euro for around 3 or 4 hours worth of training, and although I'm biased I think they really do a good job in introducing OSSIM to those who're new to it, even if they're lacking deep computer or security skills.
So, if yuou're interested or know someone who could be, please give it a try. It's worth the money, we put a ton of work into it and it will help support your favourite SIM *grin*.

And here ends the plug and the post. I'm working right now on a plugin wizard which I'll be talking about soon. Once finished it will raise the amount of plugins available for OSSIM by around 2000 ;-)

Just before vacation we're going to do another webinar in order to introduce our recently released version 2.1. It's very similar to the previous two we've done, so if you've already attended I'd suggest skipping this one (we're going to vary the content often) but for those who've missed it: meet you the 30th :-)

A friend of mine is preparing a speech at a security conference this summer around OSSIM. He asked if I could get some feedback, case-studies or anything that could backup and enrichen his speech, this is what this post is for :-).

So please, should you have anything (wether it's good or bad, happy or sad) to say around OSSIM (or should you know about anybody how does) which you would like to share write to feedback@ (created the alias so I wouldn't miss anything, feedback is very important to us).

Anything from "I use OSSIM" to complete papers is welcome, tho in order to avoid confusions I'd please ask to include these couple of lines at the beginning of the mail:

Name (leave empty for anonymous):
Company (leave empty for anonymous or substitute for "english university" or "canadian oil platform" or similar):
Is it ok to tell/foward this?: yes/no (if the answer is 'no' then no one but me will know about this :P)
Is it ok to publish this on ossim.net/alienvault.com?: yes/no

Here again for copy & paste:

Name:
Company:
Ok to tell/forward?:
Ok to publish on ossim.net/alienvault.com?:

Just wanted to write that we're back up. Have had the host hosting ossim and alienvault down for some hours, it seems like there's been a short power outage on the provider side, and then the pf firewall on the openbsd host went back in some sort of "block everything" mode. Adding to that apache didn't start with ssl enabled and good bunch of the mysql tables had crashed too. Aaah, and it's supposed to be holiday here today ;-).

Good luck to Mike and the people at m5hosting getting everything back up and running.

Update 20090320: Everything seems fine now and I must say I'm very pleased with how they did handle all of thhis at m5. I wanted to post this diagram reflecting the power infrastructure at the provider for those curious, I for myself have never had a second thought about how actually a large datacenter could look at power level. The post-outage report also makes for some interesting read.

I'd like to point at a thread we've started on the forums regarding the viability of a dual-licensing model for ossim.

This would put an end of the ongoing lack of activity on the opensource side, whilst benefiting both our paying customers as well as the casual end-user. If you're in one of these categories I encourage you to make yourself heard :-)

We've released OSSIM 0.9.9 this week, release which was followed by a post to BugTraq regarding some XSS and SQL vulnerabilities present on OSSIM.
After having fixed those vulnerabilities we're now releasing:

• OSSIM Installer 1.0.4 (the recommended installation method)
• OSSIM Updater 1.0.4 (the recommended updating method for those running versions 1.0 - 1.0.3)
• OSSIM 0.9.9-3 Debian packages.
• OSSIM 0.9.9p1 for those who need source code.

For many years I've been bitching about blogs, about people writing useless crap just to caress their egos, merely filling google with worthless references to biased content. I always promised I'd never write one.

Well, I guess I've changed my mind now. It might be presumptous but I think it's a good moment to write about things around me since I sincerely believe it might interest someone (work issues to a broader audience, personal stuff to family and friends since work doesn't leave me the time I'd like to spend with them).

So this is it, my first try of a personal log. English is not my first language so there might be misspelling and grammar errors herein. My apologies in advance for that.

Happy reading ;-)

Dominique