This release features a completely rewritten logger with a huge performance increase, an HIDS frontend, SIEM analysis improvements such as a forensics timeline, custom reports derived from custom views, and geopositioning of attackers. Additional new features include distributed full packet capture with a centralized Web frontend, user management adjusted to PCI requirements, completely rewritten dashboards, Emerging Threats Pro feed integration, custom and tickets. Enhancements to usability, asset discovery, and the update procedure make this a major release.
This release features a completely reworked reporting interface based on JasperServer, unifying compliance, security, NMS, and inventory reporting. New features also include a completely rewritten scanning interface, a powerful Netflow/Sflow collector interface, a complete PCI wireless compliance interface, and a lot more.
This release corrects many security problems that have appeared in the underlying OS in recent months. It also adds ClamAV and mod-security for self-protection, a ton of OSSIM bugfixes, and the new AlienVault feed for Nessus updates.
The OSSIM installer aims to provide an easy-to-use introduction for new users approaching OSSIM. Besides configuring all the needed components, it provides tools that ease new users' first steps in the Security Information Management area. Advanced graphs, viewers, and tuning are included, which would not be possible to achieve using standard OS installation packages.