OSSIM™ and Other Cool Projects.
Play, Share, Enjoy.

Our open source projects focus on collaborative threat intelligence and incident response.
This includes OSSIM, the world’s most widely used open source SIEM product.

OSSIM: the Open Source SIEM.

Trusted by 195,000+ Security Professionals in 175 Countries… and Counting.

OSSIM provides all of the features that a security professional needs from a SIEM offering – event collection, normalization, and correlation. Established and launched by security engineers out of necessity, OSSIM was created with an understanding of the reality many security professionals face: a SIEM is useless without the basic security controls necessary for security visibility.

OSSIM addresses this reality by providing the essential security capabilities built into a unified platform. Standing on the shoulders of the many proven open source security controls built into the platform, OSSIM continues to be the fastest way to make the first steps towards unified security visibility.

AlienVault provides ongoing development for OSSIM because we believe that everyone should have access to sophisticated security technologies; this includes the researchers who need a platform for experimentation, and the unsung heroes who can't convince their companies that security is a problem.

Compare OSSIM to USM:

Which product is right for you? Our Unified Security Management (USM) product offers advanced capabilities, such as:

  • Log management
  • Advanced threat detection with 1600+ built-in correlation rules
  • Threat intelligence from AlienVault Labs
  • 150+ compliance & threat reports
  • Support for PCI, HIPAA, GPG13, & SOX


OSSIM Download Options:

Download OSSIM v5.0 ISO

MD5 Checksum: 3735b29724e6a7cba6d5795e39c34c29
(Compare the checksum of the downloaded image with this value before installing. A checksum catches a corrupted or truncated download; it does not protect against an image and checksum that were both replaced, and MD5 is no longer collision resistant.)
• Complete experience of OSSIM capabilities
• For users who want to install themselves


Download the Source Code
MD5SUM: c322f0f642cc54edb882750ef135ed93

Technical Documentation

Screenshots & Demos

Related Links:

Support Forums

OSSIM LinkedIn Group

Other Projects We’re Working on in the OTX (Open Threat Exchange).

In the interest of sharing intelligence, our AlienVault Labs team has put together a few of the open source projects that have helped us analyze threats and enhance security monitoring for better incident response and threat management. We hope you find the following tools useful, and feel free to share your feedback on them within the OTX Forum.

Clearcutter Log Sample Analyzer

Get it Here

What does it do?

Clearcutter is a general-purpose tool to assist log analysis, with some OSSIM-specific features.

How do I use it?

Here’s a quick overview of the supported functions:

  • Identify – takes a log sample and attempts to find the unique message types present within it, e.g.:
    [TIMESTAMP] : [PROCESS] User [VARIABLE] successfully authenticated from [IPV4ADDRESS]
  • Sequence – identifies sequences of logs that share a common set of variable data (here the user conrad):
    [TIMESTAMP] : [PROCESS] Connection attempt from
    [TIMESTAMP] : [PROCESS] Login request for user conrad from
    [TIMESTAMP] : [PROCESS] User conrad successfully authenticated
  • OSSIM-specific log functions:
    • Validate – processes an OSSIM device plugin, testing for errors and inconsistencies. Sample output:
      Processing Rule [Z 350-cisco-asa]
      Option ‘interface’ refers to non-existent regexp group ‘(?P<iface>’
      The Following Regex Labels are Assigned to UserData fields
      userdata1 Denied, Accepted, Duplicate,
      userdata2 {$sourcint}, {$srcint},
      userdata3 {$destint},
      userdata4 {$entry}, {$connection}, {$command}, {$result},
      userdata5 {$list},
    • Parse – processes a log file using an OSSIM device plugin, displaying what is parsed by each SID.
    • Profile – parses as above, but also produces performance statistics for the SIDs, relative to one another and to the log file as a whole.
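
As an added illustration of what the Identify and Sequence functions do (this is example code written for this page, not Clearcutter's own implementation, and the log lines are constructed): tokens that always vary, such as timestamps, process tags and IPv4 addresses, are replaced by placeholders, lines with the same shape are grouped, and any position whose value differs within a group becomes [VARIABLE]. Sequence then links lines of different message types that share a concrete value such as a username or address.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log (not from any real system) in the style of the
# sshd-like lines the Identify/Sequence description above shows.
SAMPLE_LOG = """\
2015-06-01T10:00:01 sshd[2012]: Connection attempt from 10.0.0.5
2015-06-01T10:00:02 sshd[2012]: Login request for user conrad from 10.0.0.5
2015-06-01T10:00:03 sshd[2012]: User conrad successfully authenticated from 10.0.0.5
2015-06-01T10:05:11 sshd[2044]: Connection attempt from 192.168.1.20
2015-06-01T10:05:12 sshd[2044]: Login request for user alice from 192.168.1.20
2015-06-01T10:05:14 sshd[2044]: Failed password for alice from 192.168.1.20
2015-06-01T10:07:30 sshd[2051]: User bob successfully authenticated from 10.0.0.9
"""

# Token-level substitutions for data that is always variable. Order matters:
# the first pattern that matches a whole token wins.
PLACEHOLDERS = [
    (re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}"), "[TIMESTAMP]"),
    (re.compile(r"[A-Za-z_][\w.-]*\[\d+\]:"), "[PROCESS]"),
    (re.compile(r"(?:\d{1,3}\.){3}\d{1,3}"), "[IPV4ADDRESS]"),
]
VARIABLE = "[VARIABLE]"


def tokenize(line):
    """Split a line on whitespace and replace known variable tokens."""
    out = []
    for tok in line.split():
        for pat, name in PLACEHOLDERS:
            if pat.fullmatch(tok):
                tok = name
                break
        out.append(tok)
    return out


def _group_key(tokens):
    # Lines with the same token count and the same first literal word are
    # candidates for one message type (the heuristic Drain-style template
    # miners use). Placeholders do not count as the first literal.
    first = next((t for t in tokens if not t.startswith("[")), "")
    return (len(tokens), first)


def _templates_by_line(log_text):
    """Return [(template, concrete_variable_values)] in line order."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    raw = [l.split() for l in lines]
    toks = [tokenize(l) for l in lines]
    groups = defaultdict(list)
    for i, t in enumerate(toks):
        groups[_group_key(t)].append(i)
    result = [None] * len(lines)
    for idxs in groups.values():
        columns = zip(*(toks[i] for i in idxs))
        # A column with more than one distinct value across the group varies.
        parts = [c[0] if len(set(c)) == 1 else VARIABLE for c in columns]
        template = " ".join(parts)
        for i in idxs:
            values = [raw[i][p] for p, part in enumerate(parts)
                      if part in (VARIABLE, "[IPV4ADDRESS]")]
            result[i] = (template, values)
    return result


def identify(log_text):
    """Identify: {message template: number of lines matching it}."""
    return Counter(t for t, _ in _templates_by_line(log_text))


def sequence(log_text):
    """Sequence: {value: [templates, in order]} for every concrete value
    (user, address) that ties together two or more message types."""
    seen = defaultdict(list)
    for template, values in _templates_by_line(log_text):
        for v in values:
            if not seen[v] or seen[v][-1] != template:
                seen[v].append(template)
    return {v: ts for v, ts in seen.items() if len(ts) > 1}


if __name__ == "__main__":
    for template, count in identify(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {template}")
    for value, templates in sequence(SAMPLE_LOG).items():
        print(value, "->", " | ".join(templates))
```

The grouping key (token count plus first literal word) is the heuristic most template miners use; a message type seen only once, such as the "Failed password" line above, keeps its literals because nothing in it has been observed to vary, which is why tools of this kind need a reasonably large sample to separate constants from variables.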

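The Validate check above, reproduced as an added example (not Clearcutter's or AlienVault's code): OSSIM device plugins are ini files whose rule sections carry a `regexp` with Python named groups and field assignments such as `src_ip={$src}` or `date={normalize_date($date)}`, so a validator parses each rule, compiles the regexp, and confirms that every `$name` reference resolves to a named group. The plugin text below is constructed for the example, with rule 0002 deliberately referencing a group that does not exist; the second function builds the userdata label table that Validate prints.

```python
import configparser
import re
from collections import defaultdict

# Constructed, cut-down plugin in the OSSIM agent's ini format (not a real
# AlienVault-shipped plugin). Rule 0002 refers to $iface, but its regexp
# only defines srcint, which is the class of mistake Validate reports.
SAMPLE_PLUGIN = r"""
[DEFAULT]
plugin_id=9999

[config]
type=detector
enable=yes
source=log
location=/var/log/example-fw.log

[0001 - example-fw - Denied]
event_type=event
regexp="(?P<date>\w{3}\s+\d+\s\d\d:\d\d:\d\d)\s+(?P<device>\S+)\s+FW-106023:\s+Denied\s+(?P<proto>\w+)\s+src\s+(?P<srcint>\w+):(?P<src>\d+\.\d+\.\d+\.\d+)\s+dst\s+(?P<dstint>\w+):(?P<dst>\d+\.\d+\.\d+\.\d+)"
date={normalize_date($date)}
plugin_sid=106023
src_ip={$src}
dst_ip={$dst}
device={resolv($device)}
userdata1=Denied
userdata2={$srcint}
userdata3={$dstint}

[0002 - example-fw - Accepted]
event_type=event
regexp="(?P<date>\w{3}\s+\d+\s\d\d:\d\d:\d\d)\s+(?P<device>\S+)\s+FW-302013:\s+Accepted\s+(?P<proto>\w+)\s+connection\s+(?P<connection>\d+)\s+for\s+(?P<srcint>\w+):(?P<src>\d+\.\d+\.\d+\.\d+)"
date={normalize_date($date)}
plugin_sid=302013
src_ip={$src}
interface={$iface}
userdata1=Accepted
userdata2={$srcint}
userdata4={$connection}
"""

GROUP_REF = re.compile(r"\$(\w+)")  # $name inside {$name} or {func($name)}


def load_plugin(text):
    # RawConfigParser: no %-interpolation, so regexps pass through untouched.
    # Only "=" is a delimiter because ":" occurs inside the regexps.
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    parser.read_string(text)
    return parser


def rule_sections(parser):
    """Rule sections are the ones that carry a regexp (config does not)."""
    return [s for s in parser.sections() if parser.has_option(s, "regexp")]


def validate(text):
    """Return a list of problems, empty when every rule is consistent."""
    parser = load_plugin(text)
    problems = []
    for section in rule_sections(parser):
        regexp = parser.get(section, "regexp").strip('"')
        try:
            groups = set(re.compile(regexp).groupindex)
        except re.error as exc:
            problems.append(f"Rule [{section}]: regexp does not compile: {exc}")
            continue
        for option, value in parser.items(section):
            if option == "regexp":
                continue
            for name in GROUP_REF.findall(value):
                if name not in groups:
                    problems.append(
                        f"Rule [{section}]: option '{option}' refers to "
                        f"non-existent regexp group '(?P<{name}>'")
    return problems


def userdata_labels(text):
    """{userdataN: [distinct values assigned across all rules]}, i.e. the
    table Validate prints so inconsistent userdata usage stands out."""
    parser = load_plugin(text)
    labels = defaultdict(list)
    for section in rule_sections(parser):
        for option, value in parser.items(section):
            if option.startswith("userdata") and value not in labels[option]:
                labels[option].append(value)
    return dict(labels)


if __name__ == "__main__":
    for problem in validate(SAMPLE_PLUGIN):
        print(problem)
    for field, values in sorted(userdata_labels(SAMPLE_PLUGIN).items()):
        print(field, ", ".join(values))
```

Two caveats for real plugins: `date`, `device` and similar options wrap the group in an agent function (`{normalize_date($date)}`, `{resolv($device)}`), which is why the check looks for `$name` rather than for `{$name}` only, and a regexp that compiles is still not proven to match the device's output; that is what the Parse and Profile functions are for.
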
Wireless Intrusion Detection Testing Tool

What does it do?

The script generates wireless packets to emulate wireless attacks with the intention of testing wireless intrusion detection systems. The tool currently supports the following attacks:

  • Send Probe-response packets with a SSID IE tag component of length 0 (CVE-2006-0064)
  • Floods the WLAN with disassociation packets. (CVE-2005-0046)
  • Floods the WLAN with deauthentication packets. (CVE-2005-0045)
  • Sends invalid deauthentication reason code
  • Sends an over-sized SSID. (CVE-2006-0071, CVE-2007-0001)
  • Sends airjack beacon packet. (CVE-2005-0018)
  • Sends an invalid channel number in beacon frames (CVE-2006-0050)
  • Windows XP SP1 behavior

How do I use it?

You can find more information here, but please note that in order to run the tool you need Scapy.
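
To make the frame types in the list above concrete, here is an added example (not the tool's code, which uses Scapy) that builds the corresponding 802.11 management frames with the standard library alone and decodes them again, so the byte layout a wireless IDS has to recognise can be inspected offline. The MAC addresses are made up, and nothing here transmits a frame.

```python
import struct

# Frame Control: version (2 bits) | type (2 bits) | subtype (4 bits), then a
# flags byte; the field is sent little-endian. All frames here are type 0
# (management) and use the 24-byte header without FCS (the radio adds it).
MGMT = 0
SUBTYPE_PROBE_RESP = 5
SUBTYPE_BEACON = 8
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed addresses for the example; not real devices.
AP_MAC = "02:00:00:aa:bb:cc"
STA_MAC = "02:00:00:11:22:33"


def mac(addr):
    return bytes.fromhex(addr.replace(":", ""))


def mgmt_header(subtype, dst, src, bssid, seq=0):
    """Frame control, duration, addr1 (dst), addr2 (src), addr3 (BSSID), sequence control."""
    fc = struct.pack("<H", (subtype << 4) | (MGMT << 2))  # version 0, flags 0
    duration = struct.pack("<H", 0)
    seq_ctrl = struct.pack("<H", seq << 4)  # fragment number 0
    return fc + duration + mac(dst) + mac(src) + mac(bssid) + seq_ctrl


def ie(tag, payload):
    """Information element: 1-byte tag, 1-byte length, payload (at most 255 bytes)."""
    if len(payload) > 255:
        raise ValueError("IE payload exceeds the one-byte length field")
    return bytes([tag, len(payload)]) + payload


def deauth(sta, ap, reason=7):
    """Deauthentication (subtype 12) from the AP to one station. Reason 7 is
    'class 3 frame from non-associated station'; 0 is reserved, i.e. invalid."""
    return mgmt_header(SUBTYPE_DEAUTH, sta, ap, ap) + struct.pack("<H", reason)


def disassoc(sta, ap, reason=8):
    """Disassociation (subtype 10); reason 8 is 'station leaving the BSS'."""
    return mgmt_header(SUBTYPE_DISASSOC, sta, ap, ap) + struct.pack("<H", reason)


def beacon(ap, ssid, channel, subtype=SUBTYPE_BEACON, interval=100):
    """Beacon (or probe response) body: timestamp, beacon interval, capability
    (ESS), then SSID IE (tag 0) and DS Parameter Set IE (tag 3, channel).
    ssid=b'' gives the zero-length SSID IE, len(ssid) > 32 an oversized SSID,
    and a channel outside 1-14 the invalid-channel case from the list above."""
    fixed = struct.pack("<QHH", 0, interval, 0x0001)
    body = fixed + ie(0, ssid) + ie(3, bytes([channel]))
    return mgmt_header(subtype, BROADCAST, ap, ap) + body


def parse(frame):
    """Decode the header plus the reason code or the IEs, as a WIDS would."""
    fc, = struct.unpack_from("<H", frame, 0)
    info = {
        "type": (fc >> 2) & 0x3,
        "subtype": (fc >> 4) & 0xF,
        "dst": frame[4:10].hex(":"),
        "src": frame[10:16].hex(":"),
        "bssid": frame[16:22].hex(":"),
    }
    body = frame[24:]
    if info["subtype"] in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
        info["reason"], = struct.unpack("<H", body[:2])
    elif info["subtype"] in (SUBTYPE_BEACON, SUBTYPE_PROBE_RESP):
        ies, pos = {}, 12  # skip the 12 fixed bytes
        while pos + 2 <= len(body):
            tag, length = body[pos], body[pos + 1]
            ies[tag] = body[pos + 2:pos + 2 + length]
            pos += 2 + length
        info["ssid"] = ies.get(0)
        info["channel"] = ies[3][0] if 3 in ies else None
    return info


if __name__ == "__main__":
    for frame in (deauth(STA_MAC, AP_MAC, reason=0),
                  disassoc(STA_MAC, AP_MAC),
                  beacon(AP_MAC, b"", 0),
                  beacon(AP_MAC, b"A" * 255, 6, subtype=SUBTYPE_PROBE_RESP)):
        print(frame[:2].hex(), parse(frame))
```

Every malformed case in the tool's list is a legal-looking frame at the MAC-header level; the anomaly lives in the body (reason code, IE length, channel byte), which is why a WIDS signature has to parse that far rather than stop at type and subtype.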

Get it Here

URLQuery Chrome Plug-in

Install from the Chrome Store

Access the Source Code

What does it do?

UrlQuery.net is a service for detecting and analyzing web-based malware. It records the browser activity observed while visiting a site and presents that information for further analysis. The Chrome plug-in submits URLs to this service so that suspected malicious websites can be analyzed without visiting them directly.

How do I use it?

Once installed, right-click a link in Chrome and send it to the URLQuery service to determine whether the web server hosts malicious content.

GitHub Projects

Other OTX Projects

If you like what you see here, and are curious to find additional open source projects from the AlienVault Labs team, feel free to visit our GitHub repository. You’ll find many tools that we use on a daily basis for malware identification and analysis, event correlation, and more.

Visit our GitHub repository