Security event monitoring

Security event monitoring service and solution for analysis of traces in computer security

Project, deployment, training and support of an open source platform for managing security events in real time.

The Open Source Security Information and Event Management (OSSIM) platform is a SIEM (Security Information and Event Management) solution that allows you to centralize security incidents. Its architecture is made up of two main components: Sensor and Server. The Sensor handles detection of network assets, vulnerability assessment, traffic flow collection and incident detection. The Server centralizes and processes the information sent by the sensor(s) deployed in the network, correlates events, tracks security incidents through a ticket management system, defines priorities for the different detected events and displays all the information received in a user-friendly way for subsequent analysis.

This solution integrates a set of security tools that work together to detect security incidents by enabling or deploying new plugins; among the most used are the Suricata Network Intrusion Detection System (NIDS) and the OSSEC Host Intrusion Detection System (HIDS). Its flexibility lies mainly in the ability the platform offers to develop new plugins that provide information about a specific event you want to be alerted to.

IMPLEMENTING THIS SERVICE MAKES IT POSSIBLE TO:

  • Report security incidents raised by the monitoring platform that put the security of your entity's technological infrastructure at risk.
  • Provide periodic reports about the vulnerabilities of the entity's systems, platforms and services included in this contract.
  • Analyze the traces of the different systems in real time.