From: Kaushal S. <kau...@gm...> - 2010-04-01 17:33:10
On Thu, Apr 1, 2010 at 10:29 PM, Ritter, Nicholas <Nic...@am...> wrote:
> Did you look in the SIEM part of the OSSIM interface? OSSIM might not
> alarm, but it should have recorded a snort event in the SIEM interface.
> I am not positive the rule you created is ok, but it is redundant
> because OSSIM's default snort rule set will see ICMP traffic.
>
> I don't know which ISO you used to do the OSSIM install, but I would
> suggest that you make sure OSSIM is fully up to date with the following
> commands:
>
> apt-get update
> apt-get dist-upgrade
>
> Or
>
> ossim-update

Hi Ritter,

I followed your suggestion and did apt-get update, apt-get dist-upgrade, and ossim-update, and tried the same exercise. I could not see any events or alarms under Analysis -> SIEM -> Events.

Please suggest further.

Thanks and Regards
Kaushal