OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5
Uploaded by: alienvault
Category: Technology
MARCH 2014
What’s New in AlienVault OSSIM v4.5?
OSSIM Community Webinar
COMMUNITY GUIDELINES
Community members are not leads
We are a commercial company
OSSIM is not trialware
If you see something, say something
http://forums.alienvault.com/discussion/4/
AGENDA
V4.5 Feature Overview
Examples of how to use OSSIM
OSSIM vs. USM
Open Questions
New v4.5 Features
SUMMARY OF NEW FEATURES
New Look and Feel
New Plugin Suggestion Engine
New Errors and Warnings Dashboard
First Time Wizard Improvement
New Status Monitors
NEW LOOK AND FEEL
Feature Summary:
Color, layout, and style improvements
Common library of UI elements (buttons, tables, interaction, workflow)
Value to You:
More intuitive, consistent, and easy to use
Predictable, consistent interaction and workflow
Reduced learning curve, increased time to value – “results in day one”
PLUGIN SUGGESTION ENGINE
Feature Summary:
Identify assets sending data but with no plugin enabled
Identify assets not sending data and with no plugin enabled
Offer suggestions and built-in workflow to enable the proper plugin
Value to You:
More easily identify assets with no data collection and help the user easily enable the right plugin
Increase time to value when configuring new assets.
NEW WARNINGS & ERRORS DASHBOARD
Feature Summary:
Warn administrators of conditions that require attention
Provide suggestions on how to resolve the error or warning
Value to You:
Self-monitoring to prevent system failure
Proactive notification
FIRST TIME WIZARD IMPROVEMENT
Feature Summary:
Separated the Log Management step into two separate pages
Provide better clarity about each asset, plugin selected, and if AlienVault is receiving data.
Value to You:
Make the log management section more intuitive and easy to use.
Provide better information to tell the user if AlienVault is collecting data or not.
NEW STATUS MONITORS
Feature Summary:
Built-in monitors to assess the system for failure conditions
Monitors Available:
The Asset is not sending any log to the system
Asset is sending log to the system, but there isn't a plugin enabled to parse the logs
The Asset was successfully sending logs to the system, but no log received within the last 24 hours
The System is dropping packets, overloaded
The System is dropping packets, malformed network packets
The System Disk space is under 25%
The System Disk space is under 10%
Use OSSIM to Answer Simple Questions
Is one of your system administrators running BitTorrent in the data center?
What known malicious hosts are your systems talking to?
Which of my vulnerable assets are under attack?
OSSIM vs. USM
DIFFERENCE BETWEEN OSSIM AND USM
| | OSSIM | USM |
|---|---|---|
| Support | Community | Commercial |
| Management | - | Centralized Administration and Configuration |
| Threat Intelligence | Community Developed | AV Labs Threat Intelligence Subscription |
| Reporting | Community Developed | 100+ Compliance and Threat Reports |
| Access Control | - | Rich RBAC with Permission Templates |
| Deployment Types | Flat Deployments | Single / Multi-Tiered, Small Business to Enterprise |
SMALL BUSINESS BUNDLE OPTIONS
http://forums.alienvault.com
Jim Hansen
Sr. Director, Product [email protected]