I'm curious how many people enable process accounting on UNIX or Windows and feed these to their SIM? When you start seeing tcpdump being run by user 'www' at 2:00 am, things can get interesting.
Ron Christopher Rimondi wrote:
> I have used OSSEC for the past three years and believe it is an
> excellent IDS. The rule set is expansive and flexible. It also
> encrypts all communication between the agents and the server. Also,
> check out the WUI. It has got pretty decent search functionality. Not
> on the order of Splunk, but it gets the job done.
>
> Thanks,
>
> Chris Rimondi
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

-- 
Ron Gula, CEO
Tenable Network Security
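The kind of check Ron describes (a packet-capture tool executed by the web server's account, in the middle of the night) can be expressed as a small rule over process accounting records before they reach the SIM. The following is an added example written for this page, not code from the thread or from OSSEC or Tenable. It parses records laid out like `lastcomm` output (command, optional flag letters, user, tty, CPU seconds, timestamp); the sample lines are constructed, and the service-account list, tool watchlist and off-hours window are assumed policy values a site would tune.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample records in the layout of `lastcomm` output
# (command, optional flag letters, user, tty, cpu seconds, timestamp).
# Invented for this example, not taken from a real host.
SAMPLE_ACCT = """\
bash              root     pts/0      0.02 secs Tue Mar  3 09:14
httpd             www      __         1.20 secs Tue Mar  3 01:59
tcpdump       S   www      __         0.05 secs Tue Mar  3 02:00
sh                www      __         0.01 secs Tue Mar  3 02:00
tcpdump       S   root     pts/1      0.04 secs Tue Mar  3 14:30
cron              root     __         0.00 secs Tue Mar  3 02:05
"""

# Assumed policy values: accounts that serve web content and should never
# capture packets, tools worth alerting on, and the local off-hours window.
SERVICE_ACCOUNTS = {"www", "www-data", "apache", "nobody"}
CAPTURE_TOOLS = {"tcpdump", "tshark"}
OFF_HOURS = set(range(22, 24)) | set(range(0, 7))  # 22:00 through 06:59


@dataclass
class AcctRecord:
    command: str
    flags: str
    user: str
    tty: str
    cpu_secs: float
    hour: int
    minute: int


def parse_lastcomm_line(line: str) -> Optional[AcctRecord]:
    """Parse one lastcomm-style line; return None for blank or malformed lines.

    The flag column is optional and variable-width, so the record is read
    from the right: the last six tokens are always
    '<cpu> secs <dow> <mon> <day> <hh:mm>', preceded by tty and user.
    """
    tokens = line.split()
    # Minimum layout: command user tty cpu 'secs' dow mon day hh:mm -> 9 tokens
    if len(tokens) < 9 or tokens[-5] != "secs":
        return None
    try:
        cpu = float(tokens[-6])
        hour, minute = (int(part) for part in tokens[-1].split(":"))
    except ValueError:
        return None
    return AcctRecord(
        command=tokens[0],
        flags="".join(tokens[1:-8]),
        user=tokens[-8],
        tty=tokens[-7],
        cpu_secs=cpu,
        hour=hour,
        minute=minute,
    )


def parse_acct(text: str) -> List[AcctRecord]:
    """Parse a block of accounting output, skipping lines that do not parse."""
    return [rec for rec in map(parse_lastcomm_line, text.splitlines()) if rec]


def detect(records: List[AcctRecord]) -> List[Tuple[str, str]]:
    """Flag capture tools run by service accounts; off-hours raises severity."""
    alerts = []
    for rec in records:
        if rec.command in CAPTURE_TOOLS and rec.user in SERVICE_ACCOUNTS:
            severity = "high" if rec.hour in OFF_HOURS else "medium"
            alerts.append((
                severity,
                f"{rec.command} run by service account {rec.user} "
                f"at {rec.hour:02d}:{rec.minute:02d} (tty {rec.tty})",
            ))
    return alerts


def scan(text: str) -> List[Tuple[str, str]]:
    """Parse accounting output and return the alerts the rule produces."""
    return detect(parse_acct(text))


if __name__ == "__main__":
    for severity, message in scan(SAMPLE_ACCT):
        print(f"[{severity}] {message}")
```

Reading the record from the right-hand side is what keeps the parser honest when the flag column is empty, which is the common case; the root-owned tcpdump at 14:30 is deliberately left alone so the rule stays about who ran the tool, not the tool alone.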
