MARCH 2014 What’s New in AlienVault OSSIM v4.5? OSSIM Community Webinar

OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5

DESCRIPTION

OSSIM v4.5 is here! With a focus on ease of use, better error control, and suggestions to make your security visibility more complete, OSSIM v4.5 works hard to save you time. Join us for this FREE user training session to learn what's new in OSSIM v4.5:

Streamline workflows: the more intuitive, easy-to-use, and consistent user interface helps you accomplish daily tasks in less time

Reduce blind spots: OSSIM v4.5 alerts you to network assets that aren't sending events to OSSIM so you can quickly add them

Avoid service disruptions: OSSIM v4.5 proactively alerts you to impending errors related to disk space utilization, IDS packet capture issues, etc.

Plus, we'll give an overview of how you can improve threat detection and simplify incident response with the AlienVault Labs Threat Intelligence feed included in AlienVault Unified Security Management™ (USM).

Page 1: OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5

COMMUNITY GUIDELINES

Community members are not leads

We are a commercial company

OSSIM is not trialware

If you see something, say something

http://forums.alienvault.com/discussion/4/

AGENDA

V4.5 Feature Overview

Examples of how to use OSSIM

OSSIM vs. USM

Open Questions

New v4.5 Features

SUMMARY OF NEW FEATURES

New Look and Feel

New Plugin Suggestion Engine

New Errors and Warnings Dashboard

First Time Wizard Improvement

New Status Monitors

NEW LOOK AND FEEL

Feature Summary:

Color, layout, and style improvements

Common library of UI elements (buttons, tables, interaction, workflow)

Value to You:

More intuitive, consistent, and easy to use

Predictable, consistent interaction and workflow

Reduced learning curve and faster time to value: “results on day one”

PLUGIN SUGGESTION ENGINE

Feature Summary:

Identify assets sending data but with no plugin enabled

Identify assets not sending data and with no plugin enabled

Offer suggestions and built-in workflow to enable the proper plugin

Value to You:

More easily identify assets with no data collection and help the user enable the right plugin

Faster time to value when configuring new assets

NEW WARNINGS & ERRORS DASHBOARD

Feature Summary:

Warn administrators of conditions that require attention

Provide suggestions on how to resolve the error or warning

Value to You:

Self-monitoring to prevent system failure

Proactive notification

FIRST TIME WIZARD IMPROVEMENT

Feature Summary:

Split the Log Management step across two pages

Show more clearly, for each asset, which plugin is selected and whether AlienVault is receiving data

Value to You:

Makes the log management section more intuitive and easy to use

Tells the user plainly whether AlienVault is collecting data or not

NEW STATUS MONITORS

Feature Summary:

Built-in monitors to assess the system for failure conditions

Monitors Available:

The asset is not sending any log to the system

The asset is sending logs to the system, but no plugin is enabled to parse them

The asset was successfully sending logs to the system, but no log has been received within the last 24 hours

The system is dropping packets (overloaded)

The system is dropping packets (malformed network packets)

The system's disk space is under 25%

The system's disk space is under 10%
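The conditions behind the Plugin Suggestion Engine and the Status Monitors above are simple to state but easy to get subtly wrong (an asset that has never sent a log is a different case from one that went quiet, and the 10% disk check must take precedence over the 25% one). The following is an added example, not OSSIM's own code: it evaluates those conditions against constructed in-memory records. The record fields, the treatment of "disk space under 25%/10%" as free space, and the sample asset names and addresses are assumptions made for the example.

```python
"""
Status-monitor checks in the spirit of the OSSIM v4.5 "New Status Monitors"
and "Plugin Suggestion Engine" slides. Added example, not OSSIM code: the
record fields, the reading of "disk space under 25%/10%" as *free* space, and
the sample data are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

SILENCE_WINDOW = timedelta(hours=24)   # slide: "no log received within the last 24 hours"
DISK_WARN_PCT = 25.0                    # assumed: percent of disk *free* that triggers a warning
DISK_ERROR_PCT = 10.0                   # assumed: percent of disk *free* that triggers an error


@dataclass
class Asset:
    name: str
    ip: str
    plugin_enabled: bool                 # is a parser plugin enabled for this source?
    last_event_at: Optional[datetime]    # None means no log has ever been received


@dataclass
class SystemStats:
    disk_free_pct: float
    pkts_dropped_overload: int           # drops because the sensor could not keep up
    pkts_malformed: int                  # drops because packets failed to decode


@dataclass
class Finding:
    severity: str                        # "error" or "warning"
    subject: str                         # asset name or "system"
    message: str


def check_asset(asset: Asset, now: datetime) -> List[Finding]:
    """Per-asset monitors: never-sent, sent-but-unparsed, and went-silent."""
    findings: List[Finding] = []
    if asset.last_event_at is None:
        # Never sent anything. Keep the two slide cases apart so the
        # suggestion workflow can offer a plugin where none is enabled yet.
        if asset.plugin_enabled:
            findings.append(Finding("warning", asset.name,
                                    "asset is not sending any log to the system"))
        else:
            findings.append(Finding("warning", asset.name,
                                    "asset is not sending logs and has no plugin enabled"))
        return findings
    if not asset.plugin_enabled:
        findings.append(Finding("warning", asset.name,
                                "asset is sending logs but no plugin is enabled to parse them"))
    if now - asset.last_event_at > SILENCE_WINDOW:
        findings.append(Finding("warning", asset.name,
                                "asset was sending logs but none received in the last 24 hours"))
    return findings


def check_system(stats: SystemStats) -> List[Finding]:
    """System-level monitors: packet drops and disk thresholds."""
    findings: List[Finding] = []
    if stats.pkts_dropped_overload > 0:
        findings.append(Finding("warning", "system", "dropping packets: sensor overloaded"))
    if stats.pkts_malformed > 0:
        findings.append(Finding("warning", "system", "dropping packets: malformed network packets"))
    # Test the tighter bound first so the 10% error is not masked by the 25% warning.
    if stats.disk_free_pct < DISK_ERROR_PCT:
        findings.append(Finding("error", "system", f"disk space under {DISK_ERROR_PCT:.0f}% free"))
    elif stats.disk_free_pct < DISK_WARN_PCT:
        findings.append(Finding("warning", "system", f"disk space under {DISK_WARN_PCT:.0f}% free"))
    return findings


def run_monitors(assets: List[Asset], stats: SystemStats, now: datetime) -> List[Finding]:
    """Evaluate every monitor and return errors before warnings."""
    findings = check_system(stats)
    for asset in assets:
        findings.extend(check_asset(asset, now))
    return sorted(findings, key=lambda f: 0 if f.severity == "error" else 1)


# Constructed sample data (not real telemetry).
NOW = datetime(2014, 3, 20, 12, 0, 0)
SAMPLE_ASSETS = [
    Asset("fw-edge", "10.0.0.1", True, NOW - timedelta(minutes=5)),     # healthy
    Asset("web-01", "10.0.1.10", False, NOW - timedelta(minutes=30)),   # logs arrive, nothing parses them
    Asset("db-01", "10.0.2.20", True, NOW - timedelta(hours=30)),       # used to report, now silent
    Asset("hr-server", "10.0.3.5", True, None),                         # plugin enabled, never sent
    Asset("printer", "10.0.4.9", False, None),                          # never sent, no plugin
]
SAMPLE_STATS = SystemStats(disk_free_pct=8.5, pkts_dropped_overload=0, pkts_malformed=12)

if __name__ == "__main__":
    for f in run_monitors(SAMPLE_ASSETS, SAMPLE_STATS, NOW):
        print(f"[{f.severity.upper():7}] {f.subject}: {f.message}")
```

Run against the sample data, the five assets produce four warnings (only fw-edge is clean) and the system stats produce one warning for malformed packets and one error for disk space, with the error sorted to the top.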

Use OSSIM to Answer Simple Questions

Is one of your system administrators running a BitTorrent client in the data center?

What known malicious hosts are your systems talking to?

Which of my vulnerable assets are under attack?

OSSIM vs. USM

DIFFERENCE BETWEEN OSSIM AND USM

Feature              OSSIM                  USM

Support              Community              Commercial

Management           -                      Centralized Administration and Configuration

Threat Intelligence  Community Developed    AV Labs Threat Intelligence Subscription

Reporting            Community Developed    100+ Compliance and Threat Reports

Access Control       -                      Rich RBAC with Permission Templates

Deployment Types     Flat Deployments       Single / Multi-Tiered, Small Business to Enterprise

http://www.alienvault.com/marketing/smb-bundles

SMALL BUSINESS BUNDLE OPTIONS

http://forums.alienvault.com

Jim Hansen, Sr. Director, Product [email protected]