OSSIM Sensors

The OSSIM Sensors integrate powerful open source technology for:

  • Attack Detection using Snort IDS for real-time detection
  • Vulnerability Scanning using Nessus Vulnerability Scanner
  • Network Monitoring and Profiling thanks to Ntop
  • Anomaly Detection with spade, RRD aberrant-behaviour, arpwatch, pads and p0f

The sensors analyze the local situation down to the finest detail, for example:

  • Detecting Attacks, Virus or Trojan Patterns
  • Locating active Vulnerabilities
  • Detecting Abnormal Behaviour of malicious internal users
  • Detecting unknown Viruses and Worms Activity
  • Giving an up-to-the-packet detail snapshot of the traffic
  • Creating detailed Profiles of Network and Hosts traffic usage and detecting Anomalies
  • Feeding the Automatic Inventory

Host IDSs

Two host IDSs are included in the OSSIM suite of open source products. They provide detection for, and help fortify, different operating systems:

Snare monitors Windows machines and collects real-time data about:

  • File access, creation, modification
  • USB use
  • Logins, logoffs
  • Program execution and installation

Osiris monitors Unix and Windows machines and collects real-time data about:

  • File modification using digital checksums
  • Port modifications
  • User changes
  • Kernel changes

These host IDSs send monitored events to OSSIM using the OSSIM Collector.