Have a look at active responses in OSSEC:
http://ossec-docs.readthedocs.org/en/latest/manual/ar/ar-custom.html [2]

In a nutshell, you define a command to be run with <command> and you define when (and where) it should be triggered with <active-response>.

On 2015-05-21 13:04, caplinu...@gmail.com wrote:

> Hello,
>
> I was wondering if what is suggested in the subject line is possible? My
> company wishes to instead of having an email sent out, to have OSSEC run a
> Python script I have created to connect back in to our Ticketing system API
> and create an incident based off of an OSSEC alert. I was looking around on the
> web and I have not found anything like this yet and figured I would ask?
>
> The other idea I had would be to modify the source code for the app and
> change it to run a script rather than email but honestly that would be a pain
> and I would prefer if possible not to go that route, however if anybody has
> any ideas to that I would be open to giving it a shot.
>
> The last-ditch idea I had would be to set up an inbox to send OSSEC alerts to
> and have a script go in and pull emails down, then create a ticket per email.
> Writing the scripts would be simple however it's getting it set up from an
> infrastructure side that would not be simple in my case.
>
> Let me know of any questions
> Jacob
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout [1].

Links:
------
[1] https://groups.google.com/d/optout
[2] http://ossec-docs.readthedocs.org/en/latest/manual/ar/ar-custom.html
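
The approach from the reply above, sketched as an added example (not code from the thread or from the OSSEC project): a custom active-response script that turns the positional arguments OSSEC passes (action, user, srcip, alert id, rule id) into a ticket. The script name, the alert level, the ticket URL and the JSON schema are assumptions.

```python
#!/usr/bin/env python3
"""Hypothetical active-response script: active-response/bin/create-ticket.py

ossec.conf wiring on the server (command name and level are assumptions):
  <command>
    <name>create-ticket</name>
    <executable>create-ticket.py</executable>
    <expect></expect>
    <timeout_allowed>no</timeout_allowed>
  </command>
  <active-response>
    <command>create-ticket</command>
    <location>server</location>
    <level>10</level>
  </active-response>
"""
import ipaddress, json, re, sys, urllib.request

TICKET_API = "https://tickets.example.invalid/api/incidents"  # placeholder URL

def build_ticket(argv):
    """Map OSSEC's positional args (action, user, srcip, alert id, rule id)
    to a ticket payload. Returns None when no ticket should be created."""
    if len(argv) < 5 or argv[0] != "add":   # "delete" is the timeout undo call
        return None
    action, user, srcip, alert_id, rule_id = argv[:5]
    # Fields originate from parsed log data, so validate before forwarding.
    if not re.fullmatch(r"[0-9]+\.[0-9]+", alert_id) or not re.fullmatch(r"[0-9]+", rule_id):
        return None
    try:
        srcip = str(ipaddress.ip_address(srcip))
    except ValueError:
        srcip = None                         # no usable source IP in the alert
    user = user if re.fullmatch(r"[\w.@-]{1,64}", user) else None
    return {"title": f"OSSEC rule {rule_id} fired", "alert_id": alert_id,
            "rule_id": int(rule_id), "srcip": srcip, "user": user}

def send_ticket(ticket, url=TICKET_API):
    """POST the payload as JSON; the endpoint and schema are assumptions."""
    req = urllib.request.Request(url, data=json.dumps(ticket).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":
    ticket = build_ticket(sys.argv[1:])
    if ticket is not None:
        send_ticket(ticket)
```

The script must be executable and live in the active-response/bin directory of the OSSEC installation for the <executable> entry to resolve.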