In the Sensor profile, many well-known open source tools are enabled as detectors by default, such as Snort, Ntop, OSSEC, Osiris, and Nagios.
The Database profile uses a MySQL database to store the configuration information and the SIEM events.
The next major task (the red box) is to customize the directives, correlation directives, and rules so that false positives are reduced and you can set almost any combination of conditions for triggering an alarm or ticket.
Plugins
Much of the deployment work comes when connecting the desired data sources to the OSSIM server.
For instance, the plug-in script for Symantec Anti-Virus didn't work, so I had to modify the configuration file by changing the regex.
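To see why a plug-in regex has to be checked against real log lines before it is trusted, here is an added example (not code from this page or from the OSSIM project): a small Python harness in the spirit of an OSSIM plugin rule (one regexp plus field templates), run over constructed sample lines. The log format, both regexes and the `{$n}` / `{$name}` field templating are assumptions made for the example; real Symantec output differs, and the real agent's template language supports more than is handled here.

```python
import re

# Constructed sample log lines for this example (not real Symantec AV output;
# the format is an assumption made to illustrate the problem).
SAMPLE_LINES = [
    "Jan 12 10:15:02 av-srv01 SAV: Virus Found: Risk=Trojan.Gen Action=Quarantined Computer=WS042",
    "Jan 12 10:15:09 av-srv01 SAV: Virus Found: Risk=EICAR Test String Action=Cleaned Computer=WS017",
    "Jan 12 10:16:00 av-srv01 SAV: Scan Complete: Computer=WS042",
]

# A rule modelled on an OSSIM plugin [rule-*] stanza: one regexp plus field
# templates. Only the {$n} / {$name} template forms are handled here (a
# simplification; the real agent also supports helper functions).
ORIGINAL_RULE = {
    "regexp": r"(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(\S+)\s+SAV:\s+Virus Found:\s+"
              r"Risk=(\S+)\s+Action=(\S+)\s+Computer=(\S+)",
    "fields": {"date": "{$1}", "sensor": "{$2}", "userdata1": "{$3}",
               "userdata2": "{$4}", "src_host": "{$5}"},
}

# Modified rule: Risk=(.+?) tolerates spaces in the risk name (which \S+ did
# not), and named groups make the field mapping independent of group order.
FIXED_RULE = {
    "regexp": r"(?P<date>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<sensor>\S+)\s+SAV:\s+"
              r"Virus Found:\s+Risk=(?P<risk>.+?)\s+Action=(?P<action>\S+)\s+Computer=(?P<computer>\S+)",
    "fields": {"date": "{$date}", "sensor": "{$sensor}", "userdata1": "{$risk}",
               "userdata2": "{$action}", "src_host": "{$computer}"},
}

_TEMPLATE = re.compile(r"\{\$(\w+)\}")


def expand(template, match):
    """Replace {$3} or {$name} in a field template with the capture group's text."""
    def repl(m):
        key = m.group(1)
        value = match.group(int(key)) if key.isdigit() else match.group(key)
        return value or ""
    return _TEMPLATE.sub(repl, template)


def apply_rule(rule, line):
    """Return the event dict the rule would emit for this line, or None if it does not match."""
    match = re.compile(rule["regexp"]).search(line)
    if match is None:
        return None
    return {name: expand(tpl, match) for name, tpl in rule["fields"].items()}


def check_rule(rule, lines):
    """Run a rule over sample lines; the unmatched lines are the ones to inspect."""
    result = {"matched": [], "unmatched": []}
    for line in lines:
        event = apply_rule(rule, line)
        if event is None:
            result["unmatched"].append(line)
        else:
            result["matched"].append(event)
    return result


if __name__ == "__main__":
    for label, rule in (("original", ORIGINAL_RULE), ("fixed", FIXED_RULE)):
        report = check_rule(rule, SAMPLE_LINES)
        print(f"{label}: {len(report['matched'])} matched, {len(report['unmatched'])} unmatched")
        for line in report["unmatched"]:
            print("  no match:", line)
```

Run it against a few hundred lines exported from the real source before enabling the plugin: the original rule silently drops the second line because `Risk=(\S+)` stops at the first space, which is exactly the kind of failure that only shows up as missing events. The third line stays unmatched with both rules, which is fine as long as that is a deliberate choice and not an oversight.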
Reporting
OSSIM reporting is highly scalable and easy to work with.