AlienVault OSSIM stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, when working together, give network/security administrators a detailed view of each and every aspect of networks, hosts, physical access devices, and servers. OSSIM incorporates several other tools, including Nagios and OSSEC HIDS.
For downloads and more information, visit the OSSIM homepage.
OSSIM works pretty well in a variety of environments, including Windows, Unix*, and network and security devices such as routers, switches, firewalls, etc. More than 30 open source security tools are integrated within OSSIM, and the results of those tools are then analyzed by a framework to produce correlated event data, analysis, and reporting. The most attractive feature is the way any type of data can be parsed by the plugins, since all that is required to integrate and analyze a new data source is to write simple regular expressions for the log data. The learning curve is minimal because the user is normally aware of all the tools used within the SIEM, such as Nmap, OpenVAS/Nessus, OSSEC, etc. A good tool in the users' arsenal for defending against modern attacks.