alienvault ossim

akanarya · March 18, 2021, 09:54:42 PM

Hi,
Does anyone has alienvault ossim plugin for opnsense?
Or how can i integrate opnsense logs with alientvault ossim?
I forwarded the logs via "System: Settings: Logging / targets" menu.
I could just see syslog plugin in ossim, but log results are kind of meaningless.
Thanks,

mimugmail · March 19, 2021, 06:11:54 AM

Where did you find a Plugin for ossim?

akanarya · March 19, 2021, 07:49:59 AM

Quote from: mimugmail on March 19, 2021, 06:11:54 AM
Where did you find a Plugin for ossim?

I think there is a misunderstandig.
There is no ossim plugin in opnsense, or i dont know. Logs are send via opnsense remote logging menu.
I am looking for an opnsense plugin in ossim.

mimugmail · March 19, 2021, 10:54:45 AM

Ok, so then it might be better to ask over there?

akanarya · March 19, 2021, 10:37:31 PM

it is also an option but there are lots of plugins in ossim but much fewer siem solutions for opnsense.
So I thought it is more likely to find the answer here.
I searched there before asking here, but there is no opnsese plugin there.
there is just a suricata option afaik.
may be there is someone here who had an experience.

mimugmail · March 20, 2021, 12:07:05 PM

It should support Eve Log.

akanarya · March 27, 2021, 09:10:59 AM

There is an option for eve log but for only suricata.
And unfortunatelly that doesnt work for suricata either, there should be a bug in plugin according to my searches.

alienvault ossim

akanarya

March 18, 2021, 09:54:42 PM

mimugmail

March 19, 2021, 06:11:54 AM #1

akanarya

March 19, 2021, 07:49:59 AM #2

mimugmail

March 19, 2021, 10:54:45 AM #3

akanarya

March 19, 2021, 10:37:31 PM #4

mimugmail

March 20, 2021, 12:07:05 PM #5

akanarya

March 27, 2021, 09:10:59 AM #6