July 14, 2009 | Jaime Blasco

Infocon raised to yellow for Excel ActiveX vulnerability

Microsoft has released an advisory related to Office Web Components ActiveX. The ISC has raised the Infocon to yellow due to the active exploitation of the vulnerability from several .cn domains. AlienVault’s feed customers are protected and covered with these directives:

45050: AV Possible Malicious Server exploiting Excel ActiveX Client against DST_IP (CVE-2009-1136)
45051: AV Possible Excel ActiveX Client…

July 7, 2009 | Jaime Blasco

Ossim: 0-day in Microsoft DirectShow

A 0-day exploit in Microsoft Video ActiveX Control is being exploited by malicious sites. Many people are covering this vulnerability, and it seems that it will be widely deployed. AlienVault’s feed customers are protected and covered with these directives:

45046: AV Possible MSVidCtl Client side attack detected against SRC_IP (KB-972890)
45047: AV Possible Malicious Server exploiting MSVidCt against DST_IP (KB-972890)
45048: AV…

June 20, 2009 | Dominique Karg

Can OSSIM be considered a SIEM? Is it enterprise ready?

The story starts as follows. A couple of years ago Dr. Anton Chuvakin (for those who might not know him, a well-renowned security professional and speaker) made a prediction for 2006: that a Credible Open-Source SIM would not arrive. A year later he said this goal hasn’t been reached (as predicted). I remember being quite pissed off and upset…

June 20, 2009 | Jaime Blasco

sobek-hids: Host Monitoring System

I’ve just created a Google Code project with some code I wrote some time ago. Sobek-Hids is a Python-based Host IDS system capable of monitoring:

Registry Changes
File Activity
Process Creation
Printing Jobs
External Drives (USB Disk Plugs)
Shared Resources
Windows Accounts
Logon
Firewall Changes

I hope I will have the time to continue and improve this…

May 5, 2009 | Dominique Karg

Request for case-studies, testimonials, comments and feedback

A friend of mine is preparing a speech at a security conference this summer around OSSIM. He asked if I could get some feedback, case-studies or anything that could back up and enrich his speech; this is what this post is for :-). So please, should you have anything (whether it’s good or bad, happy or sad) to say around…

May 2, 2009 | Dominique Karg

New Installer beta: 1.2beta6

I’m happy to announce the availability of the next beta, AV Installer beta6 http://data.alienvault.com/ossim-installer_1.2.beta6.iso [no longer available] (md5: 21204ecf2949a1d9ac9838b3c694b72d). Again, thanks a ton to everybody testing the betas and reporting bugs / improvements, with your help this is already the best release that’s been…

April 3, 2009 | Dominique Karg

Here comes another beta, beta #5

Just uploaded a new AlienVault OSSIM installer beta, Beta 5 http://data.alienvault.com/ossim-installer_1.2.beta5.iso [No longer available]. As always, thanks a ton to everybody helping out on testing. Besides Anton, Greg, Kristian and Stephan there are many others helping, both on forums or anonymously (found some old friend’s domain names in the apache log for update…

March 27, 2009 | Dominique Karg

How to make good friends

I just wanted to share a quick mail we’ve received tonight at AlienVault. I’m hiding the user’s identity until he grants me permission to disclose it, which I doubt he’ll do btw. The mail read as follows:

Subject: Port scan from you guys to my server from 207.158.15.208. Cease and desist.

I installed your ossim product…

March 19, 2009 | Dominique Karg

Installer 1.2 beta3 available

And another quick post. New beta is out, thanks a ton to everybody reporting bugs. This time there aren’t big changes, but a ton of small glitches have been fixed. Grab it here http://data.alienvault.com/ossim-installer_1.2.beta3.iso [No longer available]. As the last time, updates will focus on a beta3 base although they should work…

March 17, 2009 | Dominique Karg

Tutorial 8: OSSIM + JasperServer + iReport Tutorial

This eighth installment of the tutorial series will focus on a feature which will be revolutionary for OSSIM for sure: tight jasperserver integration for custom/periodic reports with the guarantee of a strong BI suite. The upcoming installer release will include both Tomcat as well as JasperServer ready to use and with sample preloaded reports and datasources. (Note: Installer beta2…

March 10, 2009 | Jaime Blasco

Ossim: Shellcode Detection and Analysis

I’m glad to announce a new feature we have added to the forensic console. We use libemu for shellcode detection and analysis to help with forensic analysis and reduce false positives. An example: …

March 7, 2009 | Dominique Karg

Installer 1.2 beta2 available

Just a quick notice about beta2 being out. Tons of bugs have been fixed this week, cheers to everybody helping. Updates for the upcoming week should apply to both but will be focused on beta2 http://data.alienvault.com/ossim-installer_1.2.beta2.iso [No longer available]. Among the fixes, there are:

Forensics panel visual and functionality fixes.
New auto-update notification. When enabled…
