OSSIM 0704 (VMOSSIM)

OSSIM aims to unify network monitoring, security, correlation, and qualification in one single tool. The project combines Snort, BASE, NTOP, Nagios, nmap, nessus, and rrdtool to provide the user with full control over every aspect of networking or security.
Main features:
- Arpwatch, used for mac anomaly detection.
- P0f, used for passive OS detection and os change analisys.
- Pads, used for service anomaly detection.
- Nessus, used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
- Snort, the IDS, also used for cross correlation with nessus.
- Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signature.
- Tcptrack, used for session data information which can grant useful information for attack correlation.
- Ntop, which builds an impressive network information database from which we can get aberrant behaviour anomaly detection.
- Nagios. Being fed from the host asset database it monitors host and service availability information.
- Osiris, a great HIDS.
Enhancements:
- VMOSSIM is a fully working OSSIM environment packaged into a VMWare image.
- Its got most of the plugins enabled and is intended for uncomplicated and fast deployment, as well as for demonstration and testing purposes.
- It incudes a set of image management scripts not included with the main OSSIM distribution, which alleviates access to OSSIM by not-so-skilled users.