YES Jer, that is the conclusion I came to as well. Being a complete noob at this world, I was needing validation on what I was starting to conclude. Thank you.
Question: Does anyone know of anyone using these two in conjunction? I will likely end up in that direction, but would love any contact with someone in the same boat.

Regards and thanks,
Troy

________________________________
From: Jeremy Lee <[email protected]>
To: [email protected]
Sent: Thursday, September 27, 2012 1:14 PM
Subject: Re: [ossec-list] OSSEC vs AWS Cloudwatch..or Cloudwatch with OSSEC?

Sorry, I think I misunderstood the initial question and ended up going off on a tangent :)

I don't think it's a one-or-the-other choice and as you were referring to, it's probably best to use both OSSEC and Cloudwatch together if the need is there. But as far as active response, FIM, and probably several other features, I don't see those features with Cloudwatch. From the way I understand it, it seems OSSEC has more granular features whereas Cloudwatch may provide more high-level monitoring and statistics.

On Thu, Sep 27, 2012 at 12:59 PM, dan (ddp) <[email protected]> wrote:

On Thu, Sep 27, 2012 at 3:55 PM, T STONE <[email protected]> wrote:
>> Yes, true. While I have Ossec monitoring systems in a non-AWS environment
>> and alerting properly, there is some idea that AWS can also provide that
>> functionality. From what I have seen, the move would be to use them
>> together.
>>
>> I was hoping there was someone here that has some personal experience with
>> it and might offer some insight.
>>
>
> It'd be great if you explained what part of cloudwatch you think is
> comparable to OSSEC. I haven't seen anything that provides any of the
> OSSEC functionality so far...
>
>
>> ________________________________
>> From: dan (ddp) <[email protected]>
>> To: [email protected]
>> Sent: Thursday, September 27, 2012 12:50 PM
>> Subject: Re: [ossec-list] OSSEC vs AWS Cloudwatch..or Cloudwatch with OSSEC?
>>
>> On Thu, Sep 27, 2012 at 3:44 PM, tstoneami <[email protected]> wrote:
>>> HI Folks;
>>>
>>> My company is close to deploying a web site on AWS, and has Cloudwatch
>>> enabled. From everything I have seen so far, CW does some basic system
>>> monitoring out of the box, and you can write custom scripts to do more -
>>> although I haven't located the docs for that yet...
>>>
>>> My question: Can anyone recommend a course of action? I have seen AWS
>>> recommend OSSEC for intrusion detection as a best practice, but not for
>>> log analysis. Is there any knowledge out there on this? Has anyone used OSSEC
>>> in combination with Cloudwatch?
>>>
>>> Thanks for any input,
>>>
>>> Troy
>>>
>>
>> I must be missing something, because these features don't seem to be
>> competing with OSSEC in any way: http://aws.amazon.com/cloudwatch/
