So after I finally got OSSEC working, I kept running across references to AlienVault… well, I finally realized AlienVault has OSSEC included as well as a number of other things… so I figured I may as well attempt an install!
First off, AlienVault 5.0 does not seem to like the vmxnet3 drivers, so I went back to the E1000.
I will have to try http://bookmarklust.blogspot.com/2010/03/ossim-vmtools-and-you.html
This post explains how to install VMware Tools on Debian: http://blog.rebelit.net/456
I was successful with installation and changing the NICs over to the vmxnet3 driver.
I want to just add one device. When I went to install the HIDS, it was not easily apparent that you should click your node and then select the machine that drops down.
Gah, and you have to hit the ‘deploy’ button as well 😉
I definitely like that Alien automagically deploys the HIDS and sets up the key; having to do it manually is a chore 🙂
Now I’m trying to figure out assets 🙂
This is a great overview!