Sounds good, will do. -Josh
On Friday, March 27, 2015 at 9:32:18 AM UTC-4, dan (ddpbsd) wrote:
> On Fri, Mar 27, 2015 at 9:27 AM, DefensiveDepth <joshb...@gmail.com> wrote:
> > Newly published paper: Using Sysmon to Enrich Security Onion's Host-Level
> > Capabilities
> >
> > Of particular note, I wrote an OSSEC decoder and a number of rules for
> > Sysmon Event ID 1: Process Created...
> >
> > They can be found on Github... Feel free to tweak, contribute back, send
> > feedback, etc
>
> If you want to contribute them, we do enjoy pull requests.
>
> > Keep in mind that there may be issues with the current stable release (2.8)
> > as the <eventchannel> bug is unfixed--
> >
> > I believe the bug fix is slated to be released with
> > 2.9...(https://github.com/ossec/ossec-hids/issues/224)
> >
> > -Josh

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.