ITSEC Adventures! Anyone try OSSIM + PfSense?

Long story short.. In my job we are testing various SIEMS. one of them was Alien Vault OSSIM.
So.. I was getting bored in my house and I decided to route all the syslog of my PfSense to the fancy UI of OSSIM.. (Couse sexiness and stuff)

Googling it a bit, found that basically is a pain in the ass to set those two work together... So any helpful suggestion or a good tutorial?
(Running latest build of pfsense 2.2.6 and last build of OSSIM)

So far my best shot is istalling a plugin made from a random user in Alien Vault Forums and run that plugin in pfsense and try to figure it out how to route those syslogs..

Thanks in advance :D

The capability is there, but it's definitely not in the GUI. You would have to send traps and syslogs tot he right place and configure triggers.

It's complicated, but it can be done.

Let me know if you need specifics.

im interested......

1 Like

Hey man, I was playing around with sensors... not much progress so far couse of social interactions.. but anyway I am hoping next week get full hands (and feets why not...) on this.
The capabilities as you said are quite good... Also saw a couple of manuals to set OSSIM working along with Cisco ASA and Juniper SRX.. Sadly PFSense easy deployment is a bit robust, but not impossible..
If I got any doubt I will contact you.