Part 2: The Console

I’ll work the Leap Motion into it later.

After reading the Endpoint Security Management Buyers Guide, it became clear that there is a need to provide a centralized console to consolidate security events for managed assets.

By the time this project is finished, we’ll have plenty of probes/sources of data, like an anti-virus server, a distributed HIDS (OSSEC), a NIDS (snort+sguil+squert+snorby), a syslog filter (sagan), a workstation policy engine (group policy), a patch management console (WSUS), and a configuration management engine (Foreman+RunDeck+Puppet, FOC for golden base-builds), etc. Plus, we may use Redmine’s RESTful API as our primary dump for a ticket queue (an escalation point).

I’ll start by working through OSSIM, and hopefully not run across anything distasteful in the process. (Prelude and ACARM-ng are looking pretty nice for correlation as well). Remember sguil is not a SIEM.
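The core job of the console described above is to take alerts from sources with different layouts, map them to one record shape, and decide which hosts get pushed to the escalation point. The following is an added example, not code from this post or from OSSIM, OSSEC or Snort: the two line formats (`HIDS|host|level|msg` and `NIDS prio host msg`), the severity mapping, the escalation rule, and the sample lines are all assumptions constructed for illustration. A real deployment would replace the two regexes with parsers for the actual alert formats and hand the `escalate()` output to the ticket queue.

```python
"""Added example: a tiny event consolidator for a multi-source security console.

Both input line formats below are constructed for this example and are not the
real OSSEC or Snort alert formats; the severity scale and escalation rule are
assumptions as well.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """Common record shape every source is normalised into."""
    source: str
    host: str
    severity: int  # 0..10, 10 most severe
    message: str


# Constructed HIDS-style line: "HIDS|<host>|<level 0-10>|<message>"
HIDS_RE = re.compile(r"^HIDS\|(?P<host>[^|]+)\|(?P<level>\d+)\|(?P<msg>.*)$")
# Constructed NIDS-style line: "NIDS <priority 1-3> <host> <message>"
NIDS_RE = re.compile(r"^NIDS (?P<prio>\d) (?P<host>\S+) (?P<msg>.*)$")


def normalize(line):
    """Map one raw alert line onto an Event, or None if no parser recognises it."""
    m = HIDS_RE.match(line)
    if m:
        # Assumption: HIDS levels already run 0..10, so only clamp.
        return Event("hids", m["host"], min(int(m["level"]), 10), m["msg"])
    m = NIDS_RE.match(line)
    if m:
        # Assumption: NIDS priority 1 is most severe; map 1/2/3 onto 9/6/3.
        sev = {1: 9, 2: 6, 3: 3}.get(int(m["prio"]), 1)
        return Event("nids", m["host"], sev, m["msg"])
    return None


def consolidate(lines):
    """Parse every line, silently drop unrecognised ones, and group events by host."""
    by_host = defaultdict(list)
    for line in lines:
        ev = normalize(line.strip())
        if ev is not None:
            by_host[ev.host].append(ev)
    return dict(by_host)


def escalate(by_host, threshold=8):
    """Pick hosts worth a ticket: any event at/above threshold, or hits from more
    than one independent source (a host seen by both HIDS and NIDS)."""
    tickets = {}
    for host, events in by_host.items():
        max_sev = max(e.severity for e in events)
        sources = {e.source for e in events}
        if max_sev >= threshold or len(sources) > 1:
            tickets[host] = {
                "max_severity": max_sev,
                "sources": sorted(sources),
                "count": len(events),
            }
    return tickets


# Constructed sample feed mixing both formats plus one junk line.
SAMPLE_LINES = [
    "HIDS|ws-01|3|Login session opened",
    "HIDS|ws-02|10|Rootcheck: possible rootkit",
    "NIDS 1 ws-01 Outbound connection to listed address",
    "NIDS 3 ws-03 ICMP echo request",
    "this line is not an alert",
]

if __name__ == "__main__":
    grouped = consolidate(SAMPLE_LINES)
    for host, ticket in escalate(grouped).items():
        print(host, ticket)
```

Running the block escalates `ws-01` (seen by both sources) and `ws-02` (severity 10) while leaving `ws-03` as a low-severity, single-source host that stays in the console without a ticket.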
