Personal notes on server security
OSSIM (Open Source Security Information and Event Management)
OSSIM features the following software components:
- PRADS, used to identify hosts and services by passively monitoring network traffic. Added in release v4.0. 
- OpenVAS, used for vulnerability assessment and for cross-correlating intrusion detection system (IDS) alerts with vulnerability scanner findings.
- Snort, used as an intrusion detection system (IDS), and also used for cross-correlation with Nessus.
- Suricata, used as an intrusion detection system (IDS); as of version 4.2 it is the IDS used in the default configuration.
- Tcptrack, used for session data, which can provide useful information for attack correlation.
- Nagios, used to monitor host and service availability information based on a host asset database.
- OSSEC, a Host-based intrusion detection system (HIDS).
- Munin, for traffic analysis and service watchdogging.
- NFSen/NFDump, used to collect and analyze NetFlow information.
- FProbe, used to generate NetFlow data from captured traffic.
- OSSIM also includes self-developed tools, the most important being a generic correlation engine with logical directive support and log integration through plugins.
Note: Suricata and Snort cannot be used at the same time. Snort is currently being phased out in favor of Suricata. 
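The IDS-versus-scanner cross-correlation mentioned for OpenVAS above, as an added illustration (not OSSIM's own code): each IDS alert is matched against scanner findings for the same host and port, and gets a confidence level that a correlation engine could use to prioritise it. The alert and finding records, the IP addresses and the CVE ids are all constructed placeholders.

```python
# Added example, not OSSIM code: cross-correlate IDS alerts with
# vulnerability-scanner findings for the targeted host:port.
# All records, addresses and CVE ids below are constructed placeholders.
from dataclasses import dataclass


@dataclass(frozen=True)
class IdsAlert:
    dst_ip: str
    dst_port: int
    cve: str        # CVE reference carried by the IDS signature metadata
    priority: int   # base priority assigned by the IDS rule


@dataclass(frozen=True)
class ScanFinding:
    ip: str
    port: int
    cve: str


# Constructed scanner export: which CVEs were confirmed on which host:port.
SCAN_FINDINGS = [
    ScanFinding("10.0.0.5", 80, "CVE-0000-0001"),
    ScanFinding("10.0.0.7", 22, "CVE-0000-0002"),
]

# Constructed IDS alerts covering the three cases the correlation distinguishes.
ALERTS = [
    IdsAlert("10.0.0.5", 80, "CVE-0000-0001", 2),   # target confirmed vulnerable
    IdsAlert("10.0.0.5", 80, "CVE-0000-0009", 2),   # service scanned, CVE absent
    IdsAlert("10.0.0.9", 443, "CVE-0000-0001", 2),  # target never scanned
]


def correlate(alerts, findings):
    """Return {alert: (confidence, reason)} for every alert.

    confidence 3: scanner confirms the exact CVE on that host:port
    confidence 2: scanner knows the host:port but not that CVE
    confidence 1: host:port unknown to the scanner (likely false positive)
    """
    by_hostport = {}
    for f in findings:
        by_hostport.setdefault((f.ip, f.port), set()).add(f.cve)
    result = {}
    for a in alerts:
        known = by_hostport.get((a.dst_ip, a.dst_port))
        if known is None:
            result[a] = (1, "target not present in scan data")
        elif a.cve in known:
            result[a] = (3, "vulnerability confirmed by scanner")
        else:
            result[a] = (2, "service scanned, CVE not found on target")
    return result
```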
OSSEC: HIDS software
Alert: IIS attack detected
Nice doc: http://www.ossec.net/files/OSSEC_and_OSSIM_Unified_Open_Source_Security.pdf