OSSIM aims to unify network monitoring, security, correlation, and qualification in one single tool.
Here are some key features of "OSSIM VMOSSIM":
· Arpwatch, used for MAC anomaly detection.
· P0f, used for passive OS detection and OS change analysis.
· Pads, used for service anomaly detection.
· Nessus, used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
· Snort, the IDS, also used for cross correlation with Nessus.
· Spade, the statistical packet anomaly detection engine, used to gain knowledge about attacks for which no signature exists.
· Tcptrack, used for session data, which provides useful input for attack correlation.
· Ntop, which builds an impressive network information database that can be used to detect aberrant behaviour.
· Nagios, which is fed from the host asset database and monitors host and service availability.
· Osiris, a great HIDS.
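The cross correlation mentioned for Nessus and Snort works by checking each IDS alert against what the scanner knows about the target host. The following is an added illustration, not OSSIM code: the record layouts, the 0-10 reliability scale, the host addresses and the CVE ids are all constructed for the example.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Finding:            # one row of a vulnerability scan, Nessus-style
    host: str
    port: int
    cves: frozenset = frozenset()

@dataclass(frozen=True)
class Alert:              # one IDS alert, Snort-style
    signature: str
    src: str
    dst: str
    dst_port: int
    cves: frozenset = frozenset()
    reliability: int = 3  # confidence from the IDS rule alone (assumed 0-10 scale)

def cross_correlate(alerts, findings):
    """Return (alert, verdict) pairs; reliability is raised according to
    what the scanner knows about the alert's destination host."""
    by_host = {}
    for f in findings:
        by_host.setdefault(f.host, []).append(f)
    out = []
    for a in alerts:
        on_port = [f for f in by_host.get(a.dst, []) if f.port == a.dst_port]
        if any(a.cves & f.cves for f in on_port):
            # scanner saw the very vulnerability the signature targets
            out.append((replace(a, reliability=10), "confirmed"))
        elif on_port:
            # service is exposed, but the specific weakness was not found
            out.append((replace(a, reliability=min(a.reliability + 2, 10)), "service_exposed"))
        else:
            # no such service on the target: likely noise or a false positive
            out.append((a, "unconfirmed"))
    return out

# Constructed sample data; the CVE ids are placeholders, not real identifiers.
FINDINGS = [
    Finding("192.0.2.10", 80, frozenset({"CVE-0000-0001"})),
    Finding("192.0.2.10", 22),
]
ALERTS = [
    Alert("web exploit attempt", "198.51.100.7", "192.0.2.10", 80, frozenset({"CVE-0000-0001"})),
    Alert("ssh login failures", "198.51.100.7", "192.0.2.10", 22),
    Alert("smb probe", "198.51.100.7", "192.0.2.10", 445),
]

def verdicts():
    return [(a.signature, v, a.reliability) for a, v in cross_correlate(ALERTS, FINDINGS)]
```

An alert against a service the scanner never saw is left at its base reliability, which is what lets the correlated view suppress noise that a signature-only IDS would report at full volume.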
What's New in This Release:
· VMOSSIM is a fully working OSSIM environment packaged into a VMware image.
· It has most of the plugins enabled and is intended for uncomplicated and fast deployment, as well as for demonstration and testing purposes.
· It includes a set of image management scripts not included with the main OSSIM distribution, which eases access to OSSIM for less experienced users.