CND Lab Manual
Network Incident Response and Management
Module 14

Module 14 - Network Incident Response and Management

Working with Incident Tickets in OSSIM

OSSIM (Open Source Security Information Management) is an open source security information and event management system.

Lab Scenario

A ticket is an element of AlienVault that contains information about detected alarms or any other issues that you want to track in a workflow. Tickets can be used to delegate tasks to other administrators and to track the progress of investigations into specific alarms and events. Tickets can be created or opened in a number of ways, either manually or automatically. As a chief network defense architect, you need to know how to create or open tickets that are generated in AlienVault OSSIM.

Lab Objectives

The objective of this lab is to demonstrate how to create or open tickets that are generated in AlienVault OSSIM.

Lab Environment

To carry out the lab, you need:
- OSSIM virtual machine
- A virtual machine running Windows Server 2012
- A web browser with an Internet connection
- Administrative privileges to run tools

Lab Duration

Time: 15 Minutes

Overview of OSSIM

OSSIM (Open Source Security Information Management) is an open source security information and event management system which is integrated with a selection of tools designed to aid network administrators in computer security, intrusion detection, and prevention.

CND Lab Manual Page 65    Certified Network Defender Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Lab Tasks

Task 1: Login to OSSIM

1. Start the OSSIM Server and login with root and toor as the credentials.

FIGURE 1.1: Logging into the OSSIM server

2. Launch Windows Server 2012. Open a web browser, type https://10.10.10.14 in the address bar and press Enter.

3. Login to OSSIM with admin and qwertya4123 as the credentials.

FIGURE 1.2: Logging into OSSIM

4. Hover the mouse on ANALYSIS and click TICKETS.

FIGURE 1.3: Navigating to Tickets

Task 2: Create or Open a Ticket

5. The existing tickets can be viewed.

FIGURE 1.4: Viewing the tickets

6. To manually open a ticket, scroll down, select a class and then click CREATE.

(Open a new ticket manually)

7. Enter the highlighted details and click SAVE.

9. Tickets can be filtered based on a particular class of events using the Class drop-down menu. The classes offered are: Application and System Failures, Corporative Net Attack, Expansion Virus, Generic, Net Performance, Policy Violation, Security Weakness.

FIGURE 1.8: Filtering tickets by class
FIGURE 1.9: Selecting the type of document
FIGURE 1.10: Viewing ticket details

12. The TICKET DETAILS page comes up.

FIGURE 1.11: Ticket details

13. Scroll down and make changes to the ticket, then click SAVE TICKET.

FIGURE 1.12: Editing and saving the ticket

Lab Analysis

Analyze and document the results of the lab exercise. Give your opinion on your target's security posture and exposure through free public information.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS ABOUT THIS LAB.
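The lab walks through the ticket workflow in the OSSIM web interface: opening a ticket (manually or from an alarm), picking one of the classes in the Class drop-down, delegating it to another administrator, and editing and saving it. The following Python model, added here as an illustration and not part of the lab manual or of OSSIM's own code or API, reproduces that workflow outside the UI so the rules behind it are explicit: only the classes listed in step 9 are accepted, every change is recorded in a history, a ticket cannot be closed without a resolution note, and a closed ticket cannot be moved again. The status lifecycle (Open, Assigned, Closed), the priority range and the sample alarm id are assumptions for the example.

```python
"""Minimal model of the ticket workflow shown in the lab (added example,
not OSSIM's code or API): open, delegate, filter by class, edit, close."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from itertools import count
from typing import Optional

# Ticket classes exactly as they appear in the Class drop-down menu (step 9).
TICKET_CLASSES = (
    "Application and System Failures",
    "Corporative Net Attack",
    "Expansion Virus",
    "Generic",
    "Net Performance",
    "Policy Violation",
    "Security Weakness",
)

# Allowed status transitions. This lifecycle is an assumption for the example,
# not OSSIM's exact state set.
TRANSITIONS = {
    "Open": {"Assigned", "Closed"},
    "Assigned": {"Open", "Closed"},
    "Closed": set(),
}


@dataclass
class Ticket:
    ticket_id: int
    title: str
    ticket_class: str
    priority: int
    opened_by: str
    assigned_to: Optional[str] = None
    status: str = "Open"
    source_alarm: Optional[str] = None  # set when opened automatically from an alarm
    history: list = field(default_factory=list)

    def log(self, actor, action):
        """Append a timestamped audit entry so investigation progress is traceable."""
        self.history.append((datetime.now(timezone.utc).isoformat(), actor, action))


class TicketQueue:
    def __init__(self):
        self._ids = count(1)
        self.tickets = {}

    def open_ticket(self, title, ticket_class, priority, opened_by, source_alarm=None):
        """Open a ticket manually (source_alarm=None) or automatically from an alarm."""
        if ticket_class not in TICKET_CLASSES:
            raise ValueError(f"unknown ticket class: {ticket_class!r}")
        if not 1 <= priority <= 10:  # assumed priority scale for the example
            raise ValueError("priority must be between 1 and 10")
        t = Ticket(next(self._ids), title, ticket_class, priority, opened_by,
                   source_alarm=source_alarm)
        t.log(opened_by, "opened" if source_alarm is None else f"opened from alarm {source_alarm}")
        self.tickets[t.ticket_id] = t
        return t

    def delegate(self, ticket_id, actor, assignee):
        """Delegate the ticket to another administrator (reassignment allowed)."""
        t = self.tickets[ticket_id]
        if t.status != "Assigned":
            self._set_status(t, actor, "Assigned")
        t.assigned_to = assignee
        t.log(actor, f"assigned to {assignee}")
        return t

    def close(self, ticket_id, actor, resolution):
        """Closing requires a resolution note so the outcome of the investigation is recorded."""
        if not resolution.strip():
            raise ValueError("a resolution note is required to close a ticket")
        t = self.tickets[ticket_id]
        self._set_status(t, actor, "Closed")
        t.log(actor, f"closed: {resolution}")
        return t

    def by_class(self, ticket_class, status=None):
        """Equivalent of the Class drop-down filter, optionally narrowed by status."""
        return [t for t in self.tickets.values()
                if t.ticket_class == ticket_class and (status is None or t.status == status)]

    @staticmethod
    def _set_status(t, actor, new_status):
        if new_status not in TRANSITIONS[t.status]:
            raise ValueError(f"cannot move ticket {t.ticket_id} from {t.status} to {new_status}")
        t.log(actor, f"status {t.status} -> {new_status}")
        t.status = new_status


def demo():
    """Run the lab's workflow on constructed sample tickets and return the queue."""
    q = TicketQueue()
    a = q.open_ticket("Brute-force logins on web server", "Corporative Net Attack", 8, "admin",
                      source_alarm="ALARM-0001")  # constructed alarm id, not from the lab
    b = q.open_ticket("Outdated OpenSSL on mail relay", "Security Weakness", 5, "admin")
    q.open_ticket("Backup job failing nightly", "Application and System Failures", 3, "admin")
    q.delegate(a.ticket_id, "admin", "analyst1")
    q.close(b.ticket_id, "admin", "package updated and service restarted")
    return q


if __name__ == "__main__":
    for t in demo().tickets.values():
        print(t.ticket_id, t.ticket_class, t.status, t.assigned_to, len(t.history), "history entries")
```

The history list is the part worth keeping in any real tracker: when a ticket is delegated and later edited, as in steps 12 and 13, the record of who changed what is the evidence an incident review relies on.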
