Collaborate Disseminate
I want to switch to a different log monitoring solution, and I am currently evaluating Wazuh, an OSSEC fork which seems to be a popular choice among the open-source community.
Reading the documentation, the following sentence caught my eye… Continue reading What "power" does a Wazuh server have over a client/agent?
I am trying to make the Windows OSSEC agent to send syslogs to a local server. However, Wireshark is showing nothing on port 514. could you pleaseadvise?
I’m using OSSEC server to monitor machines with OSSEC agents, which monitor this login via SSH, file creation, etc.
I have configured OSSEC to send an email when it detects a problem, but this control mode is very bad for data control and … Continue reading How to analyze/monitor OSSEC logs on Ubuntu
Today I use OSSEC as HIDS, but reading Wazuh’s site it seems to be more modern and has more resources.
I saw that it has an Elastic Stack integration, something I don’t interested about due to using Java and using a lot of server resources… Continue reading Monitor logs managed by Wazuh and OSSEC
I would like to perform a few basic tests on a few of OSSEC’s capabilities and be able to document them. I have no experience with HIDS and I am not really sure where I could start or which tests with OSSEC I can perform and document.
My q… Continue reading Which tests can I perform with OSSEC?
I configured an OSSEC server on Ubuntu 20.04 to monitor changes on client machines (also Ubuntu 20.04).
My configuration aims to monitor in real time changes that occur in the default system folders and in the Apache server folder (new fil… Continue reading Use OSSEC to monitor changes to directories in real time
If you follow me, you probably already know that I’m a big fan of OSSEC. I would like to thank 44Con for accepting my next training! If you are interested in learning cool stuff about OSSEC and how to integrate it with third-party tools/sources, this one is for you! OSSEC
The post Next OSSEC Training Scheduled @ 44Con appeared first on /dev/random.
I published the following diary on isc.sans.edu: “Suspicious Endpoint Containment with OSSEC“: When a host is compromised/infected on your network, an important step in the Incident Handling process is the “containment” to prevent further infections. To place the device into a restricted environment is definitively better than powering off the system
The post [SANS ISC] Suspicious Endpoint Containment with OSSEC appeared first on /dev/random.
Continue reading [SANS ISC] Suspicious Endpoint Containment with OSSEC
I am new to OSSEC and Cyber Security in general and would like to understand it a bit better. OSSEC provides so called "Rules Groups" alerts get assigned to and I would like to understand those groups a bit better.
https://www.os… Continue reading OSSEC Rules Group Explanation
I realized my system Ubuntu and windows dual boot might have been compromised. So, I installed OSSEC HIDS to try to look for issues.
When I ran dmesg, i found the following trace:
————[ cut here ]————
[ 3… Continue reading Help in understnading HIDS OSSEC traces