AlienVault OSSIM

#1

Hi all,

I’ve been looking around at OS security tools and have come across AlienVault (https://www.alienvault.com).
Is anyone running the ‘AlienVault OSSIM’ (host yourself) or has thoughts on the tool?

Thanks

#2

Sorry for being two months late.

I run AlienVault OSSIM in a Proxmox VM. It uses OpenVAS 9 for vulnerability scanning, and it is much easier to set up for that purpose than installing OpenVAS on Debian or Ubuntu.

I also use its Suricata function… the sniffing interface is connected to a network TAP in order to see my LAN traffic. However, since I’m now running Suricata in pfSense, this may now be redundant.

#3

I’m literally about to spin up AlienVault OSSIM. I asked Tom about this just the other day!

Have used it before but not recently - it was OK then but was a monster to get set up.

#4

As an example, I ran a vulnerability scan of pfSense from within the local network… it found one item (nothing to be concerned about). The rest were 55 “info” items.

#5

Thanks gents. What put me off them was AT&T buying them up. So we started looking at Wazuh instead.