OSSIM™ and Other Cool Projects.
Play, Share, Enjoy.

Our open source projects focus on collaborative threat intelligence and incident response.
This includes OSSIM, the world’s most widely used open source SIEM product.

OSSIM: the Open Source SIEM.

Trusted by 195,000+ Security Professionals in 175 Countries… and Counting.

OSSIM provides all of the features that a security professional needs from a SIEM offering – event collection, normalization, and correlation. Established and launched by security engineers out of necessity, OSSIM was created with an understanding of the reality many security professionals face: a SIEM is useless without the basic security controls necessary for security visibility.

OSSIM addresses this reality by providing the essential security capabilities built into a unified platform. Standing on the shoulders of the many proven open source security controls built into the platform, OSSIM continues to be the fastest way to make the first steps towards unified security visibility.

AlienVault provides ongoing development for OSSIM because we believe that everyone should have access to sophisticated security technologies; this includes the researchers who need a platform for experimentation, and the unsung heroes who can't convince their companies that security is a problem.

Compare OSSIM to USM:

Which product is right for you? Our Unified Security Management product offers advanced capabilities, such as:

  • Log management
  • Advanced threat detection with 1600+ built-in correlation rules
  • Threat intelligence from AlienVault Labs
  • 150+ compliance & threat reports
  • Support for PCI, HIPAA, GPG13, & SOX

Try USM Free

Watch a Guided Demo

OSSIM Download Options:

Download OSSIM ISO

MD5 Checksum (compare against the downloaded ISO before installing): d597bd004a17cbcfb09f911fc7515149
• Complete experience of OSSIM capabilities
• For users who want to install themselves

Access in AWS Marketplace

• Try OSSIM on an Amazon AMI
• Monitor your virtual environments hosted by Amazon
• Easily deploy IDS, Vulnerability Assessment, & HIDS in EC2

Resources:

Download the Source Code

Technical Documentation

Screenshots & Demos

Product News:

AlienVault v4.9.0 Functional Release

Patch release 4.1.3

Commandline Access

Patch release v4.2.3

More

Related Links:

Support Forums

OSSIM LinkedIn Group

Other Projects We’re Working on in the OTX.

In the interest of sharing intelligence, our AlienVault Labs team has put together a few of the open
source projects that have helped us analyze threats and enhance security monitoring for better
incident response and threat management. We hope you find the following tools useful, and feel
free to share your feedback on them within the OTX Forum.

Clearcutter Log Sample Analyzer

Get it Here

What does it do?

Clearcutter is a general-purpose tool to assist log analysis, with some OSSIM-specific features for testing and profiling device plugins.

How do I use it?

Here’s a quick overview of the supported functions:

  • Identify – takes a log sample and finds the unique message types present in it, replacing the variable fields with placeholders:
    [TIMESTAMP] : [PROCESS] User [VARIABLE] successfully authenticated from [IPV4ADDRESS]
  • Sequence – identifies sequences of logs that share a common set of variable data (here the address 192.168.1.1 and the user conrad, linked through the middle line):
    [TIMESTAMP] : [PROCESS] Connection attempt from 192.168.1.1
    [TIMESTAMP] : [PROCESS] Login request for user conrad from 192.168.1.1
    [TIMESTAMP] : [PROCESS] User conrad successfully authenticated
  • OSSIM-specific log functions:
    • Validate – processes an OSSIM device plugin, testing for errors and inconsistencies, such as an option that references a named group the rule's regexp does not define, and lists which regexp labels each userdata field receives across the plugin (which makes inconsistent labels such as {$sourcint} next to {$srcint} easy to spot). Sample output:
      Processing Rule [Z 350-cisco-asa]
        Option 'interface' refers to non-existent regexp group '(?P<iface>'
      The following regex labels are assigned to userdata fields:
        userdata1 Denied, Accepted, Duplicate,
        userdata2 {$sourcint}, {$srcint},
        userdata3 {$destint},
        userdata4 {$entry}, {$connection}, {$command}, {$result},
        userdata5 {$list},
    • Parse – processes a log file using an OSSIM device plugin, displaying what is parsed by each SID.
    • Profile – parses as above, but also produces performance statistics per SID, relative to the other SIDs and to the log file as a whole.
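The Identify, Sequence and Validate functions described above, as an added example written for this page in Python (it is not Clearcutter's own code): a template extractor that collapses a constructed six-line log sample into its unique message types, a Sequence-style grouping of lines by source address, and a Validate-style check that parses a constructed plugin written in a simplified OSSIM plugin layout (one INI section per rule, a regexp option, and {$group} references in the field options; that layout is an assumption) and reports every {$group} reference the rule's regexp does not define.

```python
"""Log-template extraction and OSSIM-style plugin validation, in the spirit of Clearcutter."""
import configparser
import re
from collections import defaultdict

# Constructed sample log (syslog-like, no hostname field); not from the page or the project.
SAMPLE_LOG = """\
Jan 10 12:00:01 sshd[1201]: Connection attempt from 192.168.1.1
Jan 10 12:00:02 sshd[1201]: Login request for user conrad from 192.168.1.1
Jan 10 12:00:03 sshd[1201]: User conrad successfully authenticated from 192.168.1.1
Jan 10 12:05:44 sshd[1388]: Connection attempt from 10.0.0.7
Jan 10 12:05:45 sshd[1388]: Login request for user alice from 10.0.0.7
Jan 10 12:05:46 sshd[1388]: User alice successfully authenticated from 10.0.0.7
"""

# Constructed plugin in a simplified OSSIM plugin layout (assumed: one INI section per rule,
# a `regexp` option, and {$group} references in the field options). Two references are broken
# on purpose: userdata2 points at `destint` (the group is `dstint`) and interface at `iface`.
SAMPLE_PLUGIN = r"""
[DEFAULT]
plugin_id=1514

[0001 - cisco-asa - Deny]
event_type=event
regexp="(?P<date>\w{3}\s+\d{1,2}\s\d\d:\d\d:\d\d) %ASA-\d-(?P<sid>\d+): Deny (?P<proto>\w+) src (?P<srcint>\w+):(?P<src>\S+) dst (?P<dstint>\w+):(?P<dst>\S+)"
date={$date}
plugin_sid={$sid}
src_ip={$src}
dst_ip={$dst}
userdata1={$srcint}
userdata2={$destint}
interface={$iface}
"""

TIMESTAMP_RE = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d")
PROCESS_RE = re.compile(r"\b[a-z]+\[\d+\]:")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
TOKEN_PATTERNS = [("TIMESTAMP", TIMESTAMP_RE), ("PROCESS", PROCESS_RE), ("IPV4ADDRESS", IPV4_RE)]
GROUP_REF_RE = re.compile(r"\$(\w+)")   # {$src} and {normalize_date($date)} both reference a group


def tokenize(line):
    """Swap known variable fields for placeholders (in order, timestamp first), then split."""
    for name, pattern in TOKEN_PATTERNS:
        line = pattern.sub("[%s]" % name, line)
    return line.split()


def identify(lines, max_new_wildcards=1):
    """Identify: collapse a log sample into its unique message types.

    A line joins an existing template when both have the same token count and
    differ only at positions already marked [VARIABLE] plus at most
    `max_new_wildcards` further positions, which then become [VARIABLE].
    Returns [(template, matched_line_count), ...] in first-seen order.
    """
    templates = []                        # entries are [tokens, count]
    for line in lines:
        tokens = tokenize(line)
        for tmpl in templates:
            known = tmpl[0]
            if len(known) != len(tokens):
                continue
            diffs = [i for i, (a, b) in enumerate(zip(known, tokens))
                     if a != b and a != "[VARIABLE]"]
            if len(diffs) <= max_new_wildcards:
                for i in diffs:
                    known[i] = "[VARIABLE]"
                tmpl[1] += 1
                break
        else:
            templates.append([tokens, 1])
    return [(" ".join(tokens), count) for tokens, count in templates]


def sequence(lines, pattern=IPV4_RE):
    """Sequence: group lines that share a value of one variable field, preserving order."""
    groups = defaultdict(list)
    for line in lines:
        for value in dict.fromkeys(pattern.findall(line)):   # unique values, stable order
            groups[value].append(line)
    return dict(groups)


def validate_plugin(text):
    """Validate: flag {$group} references that the rule's regexp does not define.

    Returns [(rule, option, problem), ...]; a regexp that does not compile is
    reported once under option 'regexp' and its references are skipped.
    """
    cfg = configparser.ConfigParser(interpolation=None)   # regexps contain literal '%'
    cfg.read_string(text)
    problems = []
    for rule in cfg.sections():
        options = dict(cfg.items(rule))
        regexp = options.pop("regexp", "").strip('"')
        try:
            groups = set(re.compile(regexp).groupindex)
        except re.error as exc:
            problems.append((rule, "regexp", "does not compile: %s" % exc))
            continue
        for option, value in options.items():
            for ref in GROUP_REF_RE.findall(value):
                if ref not in groups:
                    problems.append((rule, option, "refers to non-existent regexp group '%s'" % ref))
    return problems


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for template, count in identify(lines):
        print("%2d  %s" % (count, template))
    for value, group in sequence(lines).items():
        print(value, "->", len(group), "lines")
    for rule, option, problem in validate_plugin(SAMPLE_PLUGIN):
        print("Processing Rule [%s]: option '%s' %s" % (rule, option, problem))
```

The merge heuristic in identify is deliberately simple: two same-length messages that differ in exactly one word (for example "authentication succeeded" and "authentication failed") would be folded into one template with a [VARIABLE] where the verdict was. When that matters, run it with max_new_wildcards=0 and rely on the explicit token patterns, or add a pattern for the field you want treated as variable.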

Wireless Intrusion Detection Testing Tool

What does it do?

The script generates wireless frames that emulate known attacks and malformed traffic, so that a wireless intrusion detection system can be tested against them. The tool currently supports the following:

  • Sends probe-response frames whose SSID IE has a length of 0 (CVE-2006-0064)
  • Floods the WLAN with disassociation frames (CVE-2005-0046)
  • Floods the WLAN with deauthentication frames (CVE-2005-0045)
  • Sends an invalid deauthentication reason code
  • Sends an over-sized SSID (CVE-2006-0071, CVE-2007-0001)
  • Sends an airjack beacon frame (CVE-2005-0018)
  • Sends an invalid channel number in beacon frames (CVE-2006-0050)
  • Windows XP SP1 behavior

How do I use it?

You can find more information here; note that the tool requires Scapy and, to actually transmit the frames, a wireless interface in monitor mode.
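To show what the test frames above look like on the wire and what the WIDS under test is expected to flag, here is an added example written for this page in Python (it is not the tool's own code and needs no Scapy): it builds 802.11 management frames by hand with struct, covering a deauthentication with a reserved reason code, a probe response with a zero-length SSID IE and a beacon with an over-sized SSID, and runs a small WIDS-style check over them, including a per-BSSID deauthentication flood count. The MAC addresses are constructed, the frames are only built and never transmitted, and the cut-off for assigned reason codes (MAX_REASON) is an assumption to check against your revision of the standard.

```python
"""Build 802.11 management test frames by hand and run a WIDS-style check over them."""
import struct
from collections import Counter

MGMT = 0                                   # frame type 0 = management
SUBTYPE = {"probe_resp": 5, "beacon": 8, "disassoc": 10, "deauth": 12}
SSID_MAX = 32                              # 802.11 SSID element length limit
MAX_REASON = 66                            # assumed highest assigned reason code; 0 and 67+ treated as reserved

# Constructed addresses for the examples (not from the page).
BROADCAST = "ff:ff:ff:ff:ff:ff"
AP = "02:00:00:00:aa:01"
CLIENT = "02:00:00:00:bb:02"


def mac(text):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def mgmt_header(subtype, dst, src, bssid, seq=0):
    """24-byte management MAC header: frame control, duration, addr1-3, sequence control."""
    frame_control = (subtype << 4) | (MGMT << 2)   # protocol version 0; flags byte is 0
    return struct.pack("<BBH6s6s6sH", frame_control, 0, 0,
                       mac(dst), mac(src), mac(bssid), seq << 4)


def element(tag, data):
    """Information element: tag, one length octet, value (so 255 bytes at most)."""
    if len(data) > 255:
        raise ValueError("IE payload too long for the length octet")
    return bytes([tag, len(data)]) + data


def deauth(dst, src, bssid, reason):
    """Deauthentication frame: header + 16-bit little-endian reason code."""
    return mgmt_header(SUBTYPE["deauth"], dst, src, bssid) + struct.pack("<H", reason)


def beacon_like(subtype, dst, src, bssid, ssid, channel=6):
    """Beacon / probe response body: timestamp, beacon interval, capability, then IEs."""
    fixed = struct.pack("<QHH", 0, 100, 0x0001)   # 100 TU interval, ESS capability bit
    ies = element(0, ssid) + element(1, b"\x82\x84\x8b\x96") + element(3, bytes([channel]))
    return mgmt_header(subtype, dst, src, bssid) + fixed + ies


def beacon(src, bssid, ssid, channel=6):
    return beacon_like(SUBTYPE["beacon"], BROADCAST, src, bssid, ssid, channel)


def probe_response(dst, src, bssid, ssid, channel=6):
    return beacon_like(SUBTYPE["probe_resp"], dst, src, bssid, ssid, channel)


def parse_elements(data):
    """Walk the IE list; a truncated last element is returned short rather than raising."""
    out, i = [], 0
    while i + 2 <= len(data):
        tag, length = data[i], data[i + 1]
        out.append((tag, data[i + 2:i + 2 + length]))
        i += 2 + length
    return out


def inspect(frame):
    """Return the alerts a WIDS should raise for one management frame (empty list = clean)."""
    fc = frame[0]
    if (fc >> 2) & 3 != MGMT:
        return []
    subtype, body, alerts = fc >> 4, frame[24:], []
    if subtype in (SUBTYPE["deauth"], SUBTYPE["disassoc"]):
        if len(body) < 2:
            return ["truncated deauth/disassoc body"]
        reason = struct.unpack_from("<H", body, 0)[0]
        if reason == 0 or reason > MAX_REASON:
            alerts.append("reserved reason code %d" % reason)
    elif subtype in (SUBTYPE["beacon"], SUBTYPE["probe_resp"]):
        for tag, value in parse_elements(body[12:]):   # skip the 12 fixed-field bytes
            if tag != 0:
                continue
            if len(value) > SSID_MAX:
                alerts.append("oversized SSID IE (%d bytes)" % len(value))
            # A hidden network legitimately beacons an empty SSID; a probe response never should.
            if len(value) == 0 and subtype == SUBTYPE["probe_resp"]:
                alerts.append("zero-length SSID IE in probe response")
    return alerts


def deauth_flood(frames, threshold=10):
    """Count deauth/disassoc frames per BSSID (addr3); return those at or above the threshold."""
    counts = Counter()
    for frame in frames:
        fc = frame[0]
        if (fc >> 2) & 3 == MGMT and (fc >> 4) in (SUBTYPE["deauth"], SUBTYPE["disassoc"]):
            counts[frame[16:22]] += 1
    return {bssid: n for bssid, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    cases = {
        "valid deauth": deauth(CLIENT, AP, AP, reason=7),
        "reserved reason": deauth(CLIENT, AP, AP, reason=0),
        "empty-SSID probe response": probe_response(CLIENT, AP, AP, b""),
        "hidden-SSID beacon": beacon(AP, AP, b""),
        "oversized-SSID beacon": beacon(AP, AP, b"A" * 64),
    }
    for name, frame in cases.items():
        print("%-26s %s" % (name, inspect(frame) or "clean"))
    print(deauth_flood([deauth(BROADCAST, AP, AP, 3)] * 20))
```

The real tool sends these with Scapy, which would wrap the same bytes in a RadioTap header before injection; the point of building them by hand here is to see exactly which fields (frame control subtype, the reason code, the SSID element's length octet) a detector has to look at, and that a hidden-SSID beacon must not trip the zero-length check while a probe response with an empty SSID should.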

Get it Here

URLQuery Chrome Plug-in

Install from the Chrome Store

Access the Source Code

What does it do?

UrlQuery.net is a service for detecting and analyzing web-based malware: it visits a submitted URL, records the browser activity the site triggers, and presents that information for further analysis. The Chrome plug-in submits URLs to this service so that a suspected site can be checked for malicious content without opening it in your own browser.

How do I use it?

Once installed, right-click a link in Chrome and send it to the URLQuery service, which reports whether the web server behind it serves malicious content.

Other OTX Projects

If you like what you see here, and are curious to find additional open source projects from the AlienVault Labs team, feel free to visit our GitHub repository. You’ll find many tools that we use on a daily basis for malware identification and analysis, event correlation, and more.

Visit our GitHub repository