Tools > NET Scan

The NET Scan page lets you scan various networks to search for changes in the hosts' services or operating systems, as shown in Figure 51 – Tools > Net Scan.

Figure 51 – Tools > Net Scan

As shown in the figure above, you can easily perform a network scan by selecting an available network from the drop-down list. The IP address range appears in the text box to its right. This range cannot be modified; if you want to add a new network, go to Policy→Networks and define a new one. Alternatively, you may select Manual, in which case the text box can be modified. Once you are ready, click Scan. OSSIM scans the network and displays a message once the scan is complete. The Click here to show the results link then appears; the results are shown back in the NET Scan page below the select network table.

You can click Update Database Values, which displays the Insert new scan page. This page allows you to add global properties to the freshly scanned host. These properties are:

  • Asset
  • Threshold C
  • Threshold A
  • RRD Profile
  • Insert new profile?
  • NAT
  • Sensors
  • Scan options
  • Description


Some properties may have corresponding links that allow you to perform additional tasks, especially when working with sensors. Once you have completed any changes, click OK. You can click Reset to return to initial values.

Tools > Backup

The Backup page lets you restore previous events to your system, as well as view previously restored events, as shown in Figure 54 – Tools > Backup. This works for the events that you see in BASE or the OSSIM event viewer. The backed-up data comes from the snort database (which includes all the events), not the ossim database (which includes mainly alarms and configuration entries).

Figure 54 – Tools > Backup

Dates that can be restored appear in the Backup Manager, below the Dates to Restore column. Simply click a date and then click Insert. OSSIM then performs the restoration and displays the status of the restore below in the Backup Events section.

To remove a restored event, click the date of the event in the Dates in Database section and click Delete. A log entry for the change is recorded in Backup Events, noting that it was deleted, at what time, by whom, and the current status of the transaction.

Tools > User Log

The User Log keeps track of user movement in OSSIM, as shown in Figure 55 – Tools > User Log.

Figure 55 – Tools > User Log

The Filter lets you sort log entries by user and/or by action. By default, all users and actions are displayed by date.

The user action log displays the date of the action, the user that performed the action, the IP address of the computer that performed the action, the code, and a description of the action.

Log entries are displayed 50 entries at a time; you can use the arrows above the log table to navigate log pages.

Tools > Downloads

The Downloads section provides links to software packages preconfigured for OSSIM operation. Currently it includes:

  • Osiris
  • Snare
  • OCS
  • FW1Loggrabber
  • Python

  • Written By: Jason A. Minto
  • Reviewed By: Alberto Roman, Dominique Karg
  • Contributors: Juan Blanco

Please add your name to the list above if you make significant improvements to this document

 
user_manual/tools.txt · Last modified: 2009/11/28 21:59 (external edit)
 