book ossim





Open Source Software Image Map (OSSIM) Info Sheet

Open Source Software Image Map (OSSIM) is a high performance engine for remote sensing, image processing, geographical information systems and photogrammetry. It has been actively developed since 1996. OSSIM has been funded by several US government agencies in the intelligence and defense community and the technology is currently deployed in research and operational sites. Designed as a series of high performance software libraries, it is written in C++ employing the latest techniques in object-oriented software design. Many command line utilities, GUI applications, and integrated systems have been implemented, several of which are included with the software distribution.




Parallel processing capabilities with MPI libraries
Universal Sensor Models (RPCs)
Wide range of Map Projections and Datums supported
Non-destructive, parameter based image chains
Precision Terrain correction and ortho-rectification
Advanced Mosaicing, compositing, and fusions
Vector and shapelib support
Projection and resolution independent

When I was asked to write this blog, I thought to talk about certifications and training in the context of real people. So we reached out to a couple of folks who have taken and passed our new security certification, AlienVault Certified Security Engineer (ACSE), in the past few months to get their perspective.

We spoke with Tony Dow, Lead Security Engineer, Hawaiian Telcom about his experiences. Tony first took AlienVault training over two years ago. He uses USM “all day, every day” in his role. For this reason, he was chosen to work with AlienVault engineers to help craft the questions for the new certification test.




Tony was also a beta tester for the new AlienVault certification test. He passed the test, and is now an ACSE. Some of his thoughts:

On the scope of the certification test: “We put a lot of thought into the certification test questions to cover the full range of AlienVault capabilities.”

His advice to those going after the certification: “To pass the ACSE test, you really need to work with USM – you need to know the menus and how to navigate the features.”

On ACSE: “I have a lot of respect for AlienVault as a company, and I’m proud to have the ACSE on my resume.”

On the value of ACSE: “If I’m looking at job candidates, if they have ACSE I know they have a really thorough understanding of not only AlienVault, but SIEM, IDS and other open source tools. I am more interested in that kind of candidate than one who has experience only with a commercial, closed-source product. If they know AlienVault, that pretty much covers the bases that I would ask in an interview.”

We also spoke with Karl Hart, Manager of Information Security, CyberCon Security Solutions, LLC.




Karl was a beta tester for the new AlienVault certification test. Some of his thoughts:

On the difficulty of the test: “If you pass this test, you really know your stuff – you really have to know how the product works.”

On the value of ACSE: “The certification has lots of value, that will increase as AlienVault grows.” “When you see that certification logo, you know the person really understands USM. When I look to hire people, if I see that they are ACSE, I know I won’t have to babysit them.”

On advice for those seeking ACSE: “As for advice to others on preparing for the exam, get your hands on USM (or the free version, OSSIM) and know the product inside-out.”

On ACSE and other security certifications: “I also have CISSP, CEH and CHFI certifications, and they are great. But on my business card, I put ACSE first. The difference with the ACSE is that you really need hands-on experience, knowledge.”

Now that we've announced our new ACSE certification, I'm interested in your stories and your questions.




If you choose to seek the ACSE certification, I wish you well in your practice and preparation.

Learn more

Here's the press release.

IDS for Security Analysts: How to Get Actionable Insights from your IDS

The fun with IDS doesn't stop after installation; in fact, that's really where the fun starts. Join our panel of IDS experts for an educational discussion that will help you make sense of your IDS data, starting from Day 1. We will discuss signature manipulation, event output, and the three "P's" - policy, procedure and process. We won't stop there either! You'll find out the meaning behind the terms all the cool kids are using like "False Positives" and "Baselining". We'll round it out with more information about how IDS interacts with the rest of your IT applications and infrastructure. If you installed an IDS and are wondering what to do next, then sign up now!

For the GIS project, see Open Source Geospatial Foundation.

OSSIM (Open Source Security Information Management) is an open source security information and event management system, integrating a selection of tools designed to aid network administrators in computer security, intrusion detection and prevention.




The project began in 2003 as a collaboration between Dominique Karg,[1] Julio Casal[2] and later Alberto Román.[3] In 2008 it became the basis for their company AlienVault.[4] Following the acquisition of the Eureka project label and completion of R&D, AlienVault began selling a commercial derivative of OSSIM ('AlienVault Unified Security Management'). OSSIM has had four major-version releases[5] since its creation and is on a 5.x.x version numbering.[6] An information visualization of the contributions to the source code for OSSIM is published at 8 years of OSSIM. The project has approximately 7.4 million lines of code.

As a SIEM system, OSSIM is intended to give security analysts and administrators a view of all the security-related aspects of their system, by combining log management and asset management and discovery with information from dedicated information security controls and detection systems. This information is then correlated to provide context that is not visible from any one piece alone.




OSSIM performs these functions using other well-known[8] open-source software security components, unifying them under a single browser-based user interface. The interface provides graphical analysis tools for information collected from the underlying open source software components (many of which are command line only tools that otherwise log only to a plain text file) and allows centralized management of configuration options.

The software is distributed freely under the GNU General Public License. Unlike the individual components, which may be installed onto an existing system, OSSIM is distributed as an installable ISO image designed to be deployed to a physical or virtual host as the core operating system of the host. OSSIM is built using the Debian GNU/Linux distribution as its underlying operating system.

OSSIM features the following software components:

Note: Suricata and Snort cannot be used at the same time. Snort is currently being phased out in favor of Suricata.

AlienVault maintains a crowd-sourced service for IP reputation information, generated by (and available to) anyone with an active OSSIM installation.
