Hi! You can use LightSIEM. https://github.com/dsvetlov/lightsiem
It contains all necessary inputs and patterns for OSSEC. You can use production-ready dashboards and make any query you want.

On Tue, 7 July 2015 at 18:24, <namobuddhaon...@gmail.com> wrote:

> Hello Group,
>
> I was wondering how folks use ossec to search for IOCs (indicators of
> compromise). I have two choices: I can use the OSSEC Web UI, or Kibana.
>
> I am looking for ideas (and specific queries) of how to hunt using ossec, and
> use it in general for security issues. I.e., I imagine a good query in
> Kibana might be looking for logins at off areas, and things like this.
>
> I would love to hear from ossec gurus, and any links to specific resources
> are appreciated.
>
> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

--
Best regards, Daniil Svetlov.