Friday, September 15, 2017
Scripts to inject sample data to AlienVault OSSIM SIEM
I just published a few scripts I wrote to inject sample data into AlienVault or OSSIM (open source version) Unified SIEM. They can be found on GitHub:
https://github.com/santiago-bassett/Alienvault-Demo_scripts
The scripts are ready to emulate Syslog data coming from these sources: Aruba Wireless, Cisco ASA, Cisco PIX, ClamAV, Oracle Database, OSSEC HIDS, Sonicwall and SSH.
The scripts can also inject malicious network traffic into a dummy interface so that it can be analyzed by Snort NIDS. Some of the injected traffic is related to botnets, C&C communications, Zeus, spambots, or spyware. The pcap files can be found in this directory:
https://github.com/santiago-bassett/Alienvault-Demo_scripts/tree/master/pcaps
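To illustrate the Syslog emulation described above for the SSH source, here is an added Python example (not code from the linked repository) that builds constructed sshd log lines in RFC 3164 format and sends them over UDP to a collector. The host name `demo-host`, the documentation-range source address, the user names, and the collector address `127.0.0.1:514` are all assumptions.

```python
import socket
from datetime import datetime, timedelta

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
FACILITY_AUTH = 4    # syslog facility: security/authorization
SEVERITY_INFO = 6    # syslog severity: informational


def rfc3164(host, tag, pid, text, when,
            facility=FACILITY_AUTH, severity=SEVERITY_INFO):
    """Format one BSD-syslog (RFC 3164) line: <PRI>timestamp host tag[pid]: text."""
    pri = facility * 8 + severity
    # RFC 3164 pads single-digit days with a space, e.g. "Sep  5".
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri}>{stamp} {host} {tag}[{pid}]: {text}"


def sample_ssh_events(host, start, count=5, src="192.0.2.10"):
    """Constructed sample data: `count` failed sshd logins, then one success."""
    events = []
    for i in range(count):
        events.append(rfc3164(
            host, "sshd", 2000 + i,
            f"Failed password for invalid user admin from {src} port {51000 + i} ssh2",
            start + timedelta(seconds=i)))
    events.append(rfc3164(
        host, "sshd", 2000 + count,
        f"Accepted password for demo from {src} port {51000 + count} ssh2",
        start + timedelta(seconds=count)))
    return events


def send_udp(messages, collector):
    """Send each message as one UDP datagram; returns the number sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for message in messages:
            sock.sendto(message.encode("ascii"), collector)
    return len(messages)


if __name__ == "__main__":
    # Assumed collector: a syslog listener on this host, UDP port 514.
    lines = sample_ssh_events("demo-host", datetime.now())
    for line in lines:
        print(line)
    send_udp(lines, ("127.0.0.1", 514))
```

A burst of failed logins followed by a success from the same source is a convenient pattern for checking that the SIEM's SSH parsing and correlation fire on the injected data.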