On Wed, Jun 17, 2020 at 9:15 AM sensato cybersecurity <i...@sensato.co> wrote:
>
> Would someone know if the following is possible?
>
> I have a product by the name of BitDefender which can produce a log - the log
> is in CEF format I believe. That log contains alerts that are raised by
> various endpoints being monitored by BitDefender.
>
> Is there a way I could deploy an OSSEC agent on the BitDefender server and
> read in the log it produces and send that information as alerts to the OSSEC
> server?
>

I don't know much about bitdefender, so it's hard to say. OSSEC can install on
most Windows and Linux systems. If it's a blackbox appliance it would be a lot
harder. Looking at their site there are a lot of products. Which one are you
using specifically? Is the log file an actual file or does it log to a database
or something?

> The log being produced by BitDefender is usually sent to a SIEM, so basically
> I am trying to get the OSSEC agent to act as a mini-SIEM - reading custom
> logs.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ossec-list/efe69c46-e7d5-45aa-8fc5-dc8bbae6cfaco%40googlegroups.com.