We added support for collecting events via the Security Device Event Exchange (SDEE) protocol, which lets us capture events from:
- Cisco Network Prevention Systems (IPS)
- Cisco Network Detection Systems (IPS)
- Cisco Switch IDS
- Cisco IOS routers with Inline Intrusion Prevention System (IPS) functions
- Cisco IDS modules for routers
- Cisco PIX Firewalls
- Cisco Catalyst 6500 Series firewall …
Ossim: Using Cisco SDEE Protocol to collect security events
October 29th, 2009 | Posted by in Alienvault OSSIM - (Comments Off)
LUHN checksum algorithm Lua implementation
September 12th, 2009 | Posted by in Code | Lua - (Comments Off)
I have written a Lua function that implements the LUHN checksum algorithm (requires bitlib); this algorithm checks that a sequence of digits is a valid credit card number. Here is the code:
local bit = require("bit")
local band, bor, bxor = bit.band, bit.bor, bit.bxor
function checksum(card)
  num = 0
  nDigits = card:len()
  odd = band(nDigits, …
0-day in Microsoft IIS 5/6 FTP
September 1st, 2009 | Posted by in Alienvault OSSIM | Attacks | Vulnerability Management - (Comments Off)
A 0-day exploit in Microsoft IIS 5/6 FTP was recently published on Milw0rm while HDMoore is porting the bug to Metasploit. Alienvault’s feed customers are protected with the directive released today:
45046: AV Possible 0day IIS FTP Exploit against DST_IP
http://isc.sans.org/diary.html?storyid=7039
UPDATE: We have previous coverage with two directives present on Alienvault Professional Feed: 45024: …
AlienVault/OSSIM Job Opening: Documentation Writer required.
August 23rd, 2009 | Posted by in Alienvault OSSIM - (Comments Off)
Hello all, we’re looking for somebody to assist us in the elaboration of documentation around OSSIM, its components and Open Source Security in general. We require strong written English skills as well as experience with OSSIM. We are willing to pay on a per-work basis up to 3000 or 4000 . a …
Infocon raised to yellow for Excel Activex vulnerability
July 14th, 2009 | Posted by in Alienvault OSSIM | Attacks | Exploits | Vulnerability Management - (Comments Off)
Microsoft has released an advisory related to Office Web Components ActiveX. The ISC has raised the Infocon to yellow due to active exploitation of the vulnerability from several .cn domains. Alienvault’s feed customers are protected and covered with these directives:
45050: AV Possible Malicious Server exploiting Excel ActiveX Client against DST_IP (CVE-2009-1136)
45051: AV …

