Certificate Lifecycle Management: People, Process and Technology

OSSIM applied to ITIL
Recently I stumbled across an interesting article talking about Microsoft, Opensource and ITIL where ossim was being mentioned (the article can also be found googling for “ossim itil microsoft” in case the link breaks). I’ve never been very keen about learning ITIL either (although I’ve heard about it everywhere during the last year) but…

Greetings from Istanbul
After having spent five days in this nice city I wanted to say goodbye through a post. It’s the second time I went here (sadly both times I had to work but I’ll come back for fun someday, that’s for sure) and I really enjoyed the stay. This time I had a nicer hotel than last…

Tutorial 5: Windows event logging
The Windows event log: As an introduction to Windows event logging I recommend reading the following article: Monitoring and Troubleshooting Using Event Logs. It’s the first interesting one I’ve found after googling for an introduction. Quoting the article, which also talks about EventCombMT.exe which we’ll mention later: This article reviews best practices for…

Tutorial 4: Correlation engine primer
Introduction: In order to answer a recent forum post https://sourceforge.net/forum/message.php?msg_id=4666889 [no longer available] I had to do some quick research since it had been some time since I last tested this. The exact question was: Hello, Is there a document talking about how the directives are processed? One question that I have…

Tutorial 3: First recommended steps after installation
This tutorial tries to show the first common steps you could perform if you’re new to ossim and just finished installation, without knowing what to do next. The tutorial will cover: Policies Initial Inventory Scans Scheduled scans What to do next. Many topics we’ll cover on this tutorial can be extended checking the documentation wiki http:/…

Tutorial 2: Syslog data mining with attached md5sum. AKA "Store 100% of data".
1. The need. The Hype. There’s obviously a need for storing vast amounts of logs, and few things today aren’t able to log into syslog. So it’s just obvious to stumble upon that request every once in a while, and this tutorial illustrates the OSSIM approach at massive syslog data storage. Of course, where you…

A review of a commercial SIM
Some time ago, earlier this year, I had the opportunity to attend a conference where one of the leading SIM vendors (according to Gartner’s magic quadrant at least) talked about their product. Although my opinion will always be biased and I tend to compare all that I see in this area with OSSIM, I also believe that I’…

OSSIM Mobile now available ;-)
Well, kind of at least… Since Apple’s iPhone is basically a stripped down Mac OS X and it has some nice toys to play with, I thought I’d give the provided python port a try and fire up the OSSIM agent. As expected everything worked like a charm and getting ossim up & running was very easy. Here…

MySQL performance tuning applied to OSSIM. Case 1.
I’d like to share my first actual success on mysql tuning, after having spent a couple of days reading everything I could about the matter (and still waiting for the books to arrive). From what I’ve seen a very important point on DB optimization is the right table design, followed by the right queries and finally…

MySQL Performance Tuning
I’ve finally decided to learn everything I could about MySQL performance tuning; we’re working on highly tuned appliances and this is a must for high-traffic environments. I’d like to share my first findings on interesting stuff and encourage comments on the matter, which seems as deep as any science. These last days we’ve been discussing this…

Plugin Tree && Graph installer update
I thought I’d post a plugin tree I just hacked together here. It uses a javascript library and could be useful to someone. I’m not posting the complete tree here since the page is about 1MB big. As a little extra, below is some sample output from the graph package installer. Pablo’s almost done…

Tutorial 1: Host Inventory using OSSIM
This post will be the first of a series of tutorials describing how to accomplish certain useful things using OSSIM. A friendly IT teacher from Oklahoma suggested that it would be a good idea, and I have to agree. And on top, it’s relaxing :-). So here we go, this first installment will focus on deploying OCS Inventory…