OSSEC Windows Agent Syslog Client
I am trying to make the Windows OSSEC agent to send syslogs to a local server. However, Wireshark is showing nothing on port 514. could you pleaseadvise?
Category Archives: OSSEC
How to analyze/monitor OSSEC logs on Ubuntu
I’m using OSSEC server to monitor machines with OSSEC agents, which monitor this login via SSH, file creation, etc.
I have configured OSSEC to send an email when it detects a problem, but this control mode is very bad for data control and … Continue reading How to analyze/monitor OSSEC logs on Ubuntu
Monitor logs managed by Wazuh and OSSEC
Today I use OSSEC as HIDS, but reading Wazuh’s site it seems to be more modern and has more resources.
I saw that it has an Elastic Stack integration, something I don’t interested about due to using Java and using a lot of server resources… Continue reading Monitor logs managed by Wazuh and OSSEC
Which tests can I perform with OSSEC?
I would like to perform a few basic tests on a few of OSSEC’s capabilities and be able to document them. I have no experience with HIDS and I am not really sure where I could start or which tests with OSSEC I can perform and document.
My q… Continue reading Which tests can I perform with OSSEC?
Use OSSEC to monitor changes to directories in real time
I configured an OSSEC server on Ubuntu 20.04 to monitor changes on client machines (also Ubuntu 20.04).
My configuration aims to monitor in real time changes that occur in the default system folders and in the Apache server folder (new fil… Continue reading Use OSSEC to monitor changes to directories in real time
Next OSSEC Training Scheduled @ 44Con
If you follow me, you probably already know that I’m a big fan of OSSEC. I would like to thank 44Con for accepting my next training! If you are interested in learning cool stuff about OSSEC and how to integrate it with third-party tools/sources, this one is for you! OSSEC
The post Next OSSEC Training Scheduled @ 44Con appeared first on /dev/random.
[SANS ISC] Suspicious Endpoint Containment with OSSEC
I published the following diary on isc.sans.edu: “Suspicious Endpoint Containment with OSSEC“: When a host is compromised/infected on your network, an important step in the Incident Handling process is the “containment” to prevent further infections. To place the device into a restricted environment is definitively better than powering off the system
The post [SANS ISC] Suspicious Endpoint Containment with OSSEC appeared first on /dev/random.
Continue reading [SANS ISC] Suspicious Endpoint Containment with OSSEC
OSSEC Rules Group Explanation
I am new to OSSEC and Cyber Security in general and would like to understand it a bit better. OSSEC provides so called "Rules Groups" alerts get assigned to and I would like to understand those groups a bit better.
https://www.os… Continue reading OSSEC Rules Group Explanation
Help in understnading HIDS OSSEC traces
I realized my system Ubuntu and windows dual boot might have been compromised. So, I installed OSSEC HIDS to try to look for issues.
When I ran dmesg, i found the following trace:
————[ cut here ]————
[ 3… Continue reading Help in understnading HIDS OSSEC traces
Training Announce: “Hunting with OSSEC”
After the 2018 DeepSec edition in November and the BruCON Spring Training in April, I’m happy to come back on the DeepSec 2019 schedule! OSSEC is sometimes described as a low-cost log management solution but it has many interesting features which, when combined with external sources of information, may help
[The post Training Announce: “Hunting with OSSEC” has been first published on /dev/random]