
OSSIM Installation Guide

Download an ISO from AlienVault
(http://downloads.alienvault.com/c/download?version=current_ossim_iso) and
install it in the VM. In this tutorial, we install OSSIM on a VM rather than on a
physical server. The VM has the following specifications.

It has one interface, which is used for management of the VM, as given below.

Processor: 2 vCPU, RAM: 2 GB, Hard disk size: 8 GB, Management IP:
192.168.1.150/24 and Asset network: 192.168.0.0/24

The steps below show how to configure these settings in VirtualBox.


When the OSSIM VM boots from the ISO image, the installation wizard shows the
following two options.
The highlighted option in the above figure is selected; it installs OSSIM on this VM.
Press Enter to start the installation process. Select the language, location and
keyboard settings in the next few steps.

Network Configuration
In this step, configure the network of the OSSIM VM. We are using eth0 for
management. The network configuration for eth0 is shown below.
Root User Setting
After the network setting, the next window prompts for the password of the root
user, which can access the CLI of the OSSIM server. The root password must be strong.
Time Zone Setting
Time zone information is important for the logging system, since the timestamps
of collected events depend on it; the setting is shown below.
The following window appears once the installation of AlienVault OSSIM is complete.
We can access the web interface using the following URL:

https://192.168.0.200
Log in with user root and password test in the CLI of the OSSIM server.

The latest Mozilla Firefox browser does not open the link, so use Chrome or IE
to access the web interface. Chrome and IE will show the following window, which
says that the certificate is not trusted because OSSIM uses a self-signed
certificate that does not chain to a certificate authority the browser trusts.
After accepting the above exception, the following information is required for the
administrator of the OSSIM server. Fill in the required details that are asked for in the
following figure.

The following window will appear after the administrator account has been created.


After a successful login to the web interface, the following wizard appears for
further configuration of the OSSIM server.
It shows the following three options:

1. Monitor Network (configure the network that is monitored by the OSSIM server)
2. Asset Discovery (automatic discovery of network devices in the organization)
3. Collecting logs and monitoring of network nodes

Click on the Start button in the above figure to begin the configuration of the OSSIM
server.

After clicking on the 1st option, another window prompts for the network
configuration, which is shown in the figure below. We configured eth1 as the log
collector and monitoring interface of the OSSIM server.

In the 2nd step, OSSIM performs automatic discovery of the network assets.
Select the Asset Discovery (2) option and the following window prompts for the
configuration. It supports both automatic and manual discovery of assets.

The types of assets in the OSSIM server are:

- Windows
- Linux
- Network device

After the network setting and asset discovery, the next step is the deployment of a
HIDS on the Windows/Linux devices to perform file integrity monitoring, rootkit
detection and collection of event logs. Enter the username/password of the asset for
the deployment of the HIDS.

Select the desired host from the list and click on the Deploy button for the HIDS
deployment. Then click on the Continue button to start the deployment process, which
is shown in the figure. This process takes a few minutes to deploy the HIDS on the
selected host.
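As an added illustration that is not part of the original guide, the three HIDS functions named above (file integrity monitoring, rootkit detection, event log collection) correspond to sections of the agent's own configuration file. This assumes the OSSIM HIDS agent is OSSEC-based, that its configuration lives at /var/ossec/etc/ossec.conf on a Linux asset, and that the agent reports to the address used above for the web interface:

```xml
<!-- Assumed agent-side ossec.conf on a Linux asset (/var/ossec/etc/ossec.conf) -->
<ossec_config>
  <client>
    <!-- Address of the OSSIM server; assumed to be the same as the web interface address -->
    <server-ip>192.168.0.200</server-ip>
  </client>

  <!-- File integrity monitoring: hash and permission checks on key directories every 2 hours -->
  <syscheck>
    <frequency>7200</frequency>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin,/bin,/sbin</directories>
    <!-- Files that legitimately change often, excluded to avoid noise -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/resolv.conf</ignore>
  </syscheck>

  <!-- Rootkit detection using the signature lists shipped with the agent -->
  <rootcheck>
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
  </rootcheck>

  <!-- Event log collection: these files are read and forwarded to the server -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/syslog</location>
  </localfile>
</ossec_config>
```

The wizard's Deploy step writes an equivalent configuration for you; reviewing it on the asset afterwards confirms which directories and log files are actually covered.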
Log Management

The following figure shows the configuration of a discovered asset for the management
of its different logs.

The final option of the configuration wizard is to join OTX (the threat exchange
program of AlienVault). We are not going to sign up for this option. Finish the
configuration step by clicking on the Finish button.

The main dashboard of the OSSIM server is shown below.
