Integracion De Plugin De Ossim
Páginas: 27 (6511 palabras)
Publicado: 5 de diciembre de 2012
Este un tema para la integracion de plugin en OSSIM[pic]
Building Collector Plugins
Admin Guide
Copyright © Alienvault 2010
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical,including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and publisher.
Any trademarks referenced herein are the property of their respective holders.
Table of Content
1Overview.....................................................................................................................................................4
1.1 OSSIM Agent Role...............................................................................................................................4
1.1.1 Event Collection ..........................................................................................................................4
1.1.2 EventNormalization ...................................................................................................................4
1.2 OSSIM Server Role ..............................................................................................................................6
1.2.1 Event Enrichment.......................................................................................................................6
1.2.2 Policies and Actions ....................................................................................................................7
1.3 The Configuration Workflow ..............................................................................................................8
2Configuring Detector Plugins....................................................................................................................10
2.1 Rsyslog ..............................................................................................................................................10
2.1.1 Configuration File.....................................................................................................................10
2.1.2 Listener Configuration ..............................................................................................................10
2.1.3 Filters........................................................................................................................................10
2.2 OSSIM Agent Configuration..............................................................................................................11
2.2.1 Configuration File .....................................................................................................................11
2.2.2 Parameters...............................................................................................................................11
2.3 Detector Plugin Configuration..........................................................................................................13
2.3.1 ConfigurationFiles....................................................................................................................13
2.3.2 Common Event Types ...............................................................................................................13
2.3.3 Parameters ...............................................................................................................................13
2.3.4 Using Local (Plugin)...
Building Collector Plugins
Admin Guide
Copyright © Alienvault 2010
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical,including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and publisher.
Any trademarks referenced herein are the property of their respective holders.
Table of Content
1Overview.....................................................................................................................................................4
1.1 OSSIM Agent Role...............................................................................................................................4
1.1.1 Event Collection ..........................................................................................................................4
1.1.2 EventNormalization ...................................................................................................................4
1.2 OSSIM Server Role ..............................................................................................................................6
1.2.1 Event Enrichment.......................................................................................................................6
1.2.2 Policies and Actions ....................................................................................................................7
1.3 The Configuration Workflow ..............................................................................................................8
2Configuring Detector Plugins....................................................................................................................10
2.1 Rsyslog ..............................................................................................................................................10
2.1.1 Configuration File.....................................................................................................................10
2.1.2 Listener Configuration ..............................................................................................................10
2.1.3 Filters........................................................................................................................................10
2.2 OSSIM Agent Configuration..............................................................................................................11
2.2.1 Configuration File .....................................................................................................................11
2.2.2 Parameters...............................................................................................................................11
2.3 Detector Plugin Configuration..........................................................................................................13
2.3.1 ConfigurationFiles....................................................................................................................13
2.3.2 Common Event Types ...............................................................................................................13
2.3.3 Parameters ...............................................................................................................................13
2.3.4 Using Local (Plugin)...
Leer documento completo
Regístrate para leer el documento completo.