Building an AMI for OSSIM

Posted on May 6, 2020

Wanting to find a good SIEM that is relatively inexpensive, I started looking at the various options that are out there, and ended up falling in love with OSSIM.

…then, I discovered that AT&T bought the company up.

…and basically eliminated their EC2 offerings.

Not to be completely disappointed, I downloaded the AlienVault OSSIM ISO and started looking at it. It’s a relatively simple Debian stretch ISO that has had some customizations to it. The usual location of the preseed file came out with a few zero-size files – a dead end – so I wanted to poke around some more.

Not to be discouraged, I’ve kind of made it my personal goal to build an EC2 AMI for this. Stay tuned, as this will probably end up in my GitHub buckets…