Saturday, July 19, 2014

Scripts to inject sample data to AlienVault / OSSIM SIEM

I just published a few scripts I wrote to inject sample data into the AlienVault or OSSIM (the open-source version) Unified SIEM. They can be found on GitHub:

https://github.com/santiago-bassett/Alienvault-Demo_scripts

The scripts emulate syslog data coming from these sources: Aruba Wireless, Cisco ASA, Cisco PIX, ClamAV, Oracle Database, OSSEC HIDS, SonicWall and SSH.

The scripts can also inject malicious network traffic into a dummy interface so that it can be analyzed by the Snort NIDS. Some of the injected traffic relates to botnets, C&C communications, Zeus, spambots and spyware. The pcap files can be found in this directory:

https://github.com/santiago-bassett/Alienvault-Demo_scripts/tree/master/pcaps
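As an added illustration of the syslog side (this is not one of the repository's scripts), a small Python emitter that formats constructed sshd events as RFC 3164 syslog lines and sends them as UDP datagrams to a collector. The hostname, PID, TEST-NET addresses and the 127.0.0.1 target are placeholders.

```python
import socket
from datetime import datetime

# RFC 3164 facility and severity codes; PRI = facility * 8 + severity.
FACILITIES = {"kern": 0, "user": 1, "auth": 4, "authpriv": 10, "local0": 16}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Fixed timestamp so generated lines are reproducible (constructed value).
DEMO_TIME = datetime(2014, 7, 19, 9, 5, 3)


def build_pri(facility: str, severity: str) -> int:
    """Return the <PRI> value a syslog collector decodes first."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def format_syslog(facility: str, severity: str, when: datetime,
                  hostname: str, tag: str, message: str) -> str:
    """Build one BSD-syslog line: <PRI>Mmm dd hh:mm:ss HOST TAG: MSG.
    RFC 3164 pads a single-digit day with a space, not a zero."""
    ts = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{build_pri(facility, severity)}>{ts} {hostname} {tag}: {message}"


def sample_ssh_events(hostname: str, when: datetime = DEMO_TIME) -> list:
    """Constructed sshd events in the usual OpenSSH log shape:
    two failed logins from one source followed by one accepted key."""
    events = [
        "Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2",
        "Failed password for root from 203.0.113.5 port 51023 ssh2",
        "Accepted publickey for alice from 198.51.100.7 port 40011 ssh2",
    ]
    return [format_syslog("auth", "info", when, hostname, "sshd[2041]", msg)
            for msg in events]


def send_syslog(lines: list, host: str, port: int = 514) -> int:
    """Send each line as one UDP syslog datagram; return total bytes sent."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            sent += sock.sendto(line.encode("utf-8"), (host, port))
    return sent


if __name__ == "__main__":
    # Placeholder target: replace with the address of the OSSIM sensor.
    lines = sample_ssh_events("demo-host", datetime.now())
    print(send_syslog(lines, "127.0.0.1"), "bytes sent")
```

Check the sensor's raw log view afterwards to confirm the collector decoded the facility as auth and the source as SSH.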

3 comments:

  1. Thank you for sharing this informative post.

  2. Hi,
    Good,

    Great project. I have a question: I have installed OSSIM in a virtual machine. Must the scripts you provide be executed from an alternative machine, or should they be installed on the machine where OSSIM is? I do not know whether it is possible to run Linux commands on the machine itself.
