Re: [ossec-list] OSSEC Splunk or other RHEL option?

2014-08-04 Thread Paul Southerington
In terms of comparison, the OSSEC app and the PCI app for Splunk are
intended to be very different things.

It looks like the PCI app is meant to cover as much of the PCI requirements
as possible, and it knows about the actual PCI requirements themselves. It
looks like maybe it also has some asset tracking and/or ticketing stuff as
well, from a quick glance. I haven't used it, though I've used other apps
from Splunk that were built following the same general approach.

The OSSEC app wasn't designed for PCI per se, and doesn't know anything
about the requirements.  But it will probably be fine if you're just
looking to meet the requirements for the File Integrity Monitoring
component.  There are definitely some changes in the works for the OSSEC
app (better documentation around setup in particular, data models, etc.),
but getting them rolled into a public release is heavily dependent on when
I have time to spend on it. The current release seems to work pretty well
for most people, so it hasn't needed urgent updating for the most part.
And of course, it's free, whereas the PCI app from Splunk is probably not
cheap.

If you do have the PCI app, however, you should be able to feed it file
integrity data from the OSSEC app without major difficulty.




-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
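The file-integrity data Paul describes is what OSSEC's syscheck module writes into alerts.log, and getting it into Splunk (or the PCI app) comes down to parsing those multi-line alerts into fields. The following is an added example, not the OSSEC Splunk app's own code and not anything from this thread: it parses a constructed sample in the alerts.log layout, keeps only the alerts in the syscheck group, pulls out the file path, old/new checksums and the kind of change, and renders each as a key=value line that Splunk's automatic field extraction will index. The field names, the sample alerts, and the mapping of OSSEC's stock syscheck rule ids (550-554) to an "action" are this example's assumptions.

```python
"""Extract OSSEC syscheck (file integrity) alerts from alerts.log and emit
key=value lines that a Splunk input can index.  Added example; it is not the
OSSEC Splunk app's own parser, and the field names are this example's choice."""
import re
from typing import Any, Dict, List

# Constructed sample in the layout of /var/ossec/logs/alerts/alerts.log
# (not a real capture): two syscheck alerts and one unrelated sshd alert.
SAMPLE_ALERTS = """\
** Alert 1407160740.1234: mail  - ossec,syscheck,
2014 Aug 04 09:39:00 (web01) 10.0.0.5->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/passwd'
Size changed from '1234' to '1260'
Old md5sum was: 'd41d8cd98f00b204e9800998ecf8427e'
New md5sum is : '0cc175b9c0f1b6a831c399e269772661'
Old sha1sum was: 'da39a3ee5e6b4b0d3255bfef95601890afd80709'
New sha1sum is : '86f7e437faa5a7fce15d1ddcb9eaeaea377667b8'

** Alert 1407160800.2345: - syslog,sshd,authentication_failed,
2014 Aug 04 09:40:00 (web01) 10.0.0.5->/var/log/secure
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 203.0.113.7
User: root
Aug  4 09:40:00 web01 sshd[2233]: Failed password for root from 203.0.113.7 port 51234 ssh2

** Alert 1407160860.3456: - ossec,syscheck,
2014 Aug 04 09:41:00 (db02) 10.0.0.9->syscheck
Rule: 554 (level 7) -> 'File added to the system.'
New file '/etc/cron.d/cleanup' added to the system.
"""

HEADER_RE = re.compile(r"^\*\* Alert (\d+\.\d+):(?: mail)?\s+- (.+?),?$")
SOURCE_RE = re.compile(
    r"^(\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) (?:\((\S+)\) )?(\S+)->(.+)$")
RULE_RE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")
# syscheck message bodies: changed / added / deleted file, and old/new hashes
FIM_PATH_RE = re.compile(
    r"^(?:Integrity checksum changed for: |New file |File )'([^']+)'")
HASH_RE = re.compile(r"^(Old|New) (md5sum|sha1sum) (?:was|is) ?: '([0-9a-f]*)'")
# Assumed mapping of OSSEC's stock syscheck rule ids to what happened to the file
FIM_ACTION = {"550": "modified", "551": "modified", "552": "modified",
              "553": "deleted", "554": "added"}


def parse_alerts(text: str) -> List[Dict[str, Any]]:
    """Split alerts.log into one dict per alert (header, source, rule, body)."""
    alerts = []
    for block in re.split(r"\n(?=\*\* Alert )", text.strip()):
        lines = block.splitlines()
        head = HEADER_RE.match(lines[0]) if lines else None
        if head is None or len(lines) < 3:
            continue  # not a well-formed alert; never assume the log is clean
        alert: Dict[str, Any] = {"alert_id": head.group(1),
                                 "groups": head.group(2).strip(",")}
        src = SOURCE_RE.match(lines[1])
        if src:
            alert.update(timestamp=src.group(1),
                         agent=src.group(2) or src.group(3),  # "(agent) ip" or hostname
                         location=src.group(4))
        rule = RULE_RE.match(lines[2])
        if rule:
            alert.update(rule_id=rule.group(1), level=int(rule.group(2)),
                         description=rule.group(3))
        alert["body"] = lines[3:]
        alerts.append(alert)
    return alerts


def fim_events(alerts: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Keep only syscheck alerts and pull path, action and hashes out of the body."""
    events = []
    for alert in alerts:
        if "syscheck" not in alert["groups"].split(","):
            continue
        event = {k: v for k, v in alert.items() if k != "body"}
        event["action"] = FIM_ACTION.get(alert.get("rule_id", ""), "unknown")
        for line in alert["body"]:
            path = FIM_PATH_RE.match(line)
            if path:
                event["path"] = path.group(1)
                continue
            digest = HASH_RE.match(line)
            if digest:  # keys become old_md5, new_md5, old_sha1, new_sha1
                key = f"{digest.group(1).lower()}_{digest.group(2)[:-3]}"
                event[key] = digest.group(3)
        events.append(event)
    return events


def to_splunk_kv(event: Dict[str, Any]) -> str:
    """Render one event as key=value pairs; quote values containing spaces."""
    def quote(value: Any) -> str:
        text = str(value).replace('"', '\\"')
        return f'"{text}"' if (" " in text or text == "") else text
    return " ".join(f"{key}={quote(value)}" for key, value in event.items())


if __name__ == "__main__":
    for fim in fim_events(parse_alerts(SAMPLE_ALERTS)):
        print(to_splunk_kv(fim))
```

Run it as a Splunk scripted input, or write its output to a file watched by a monitor input, and the rule_id, path, action and hash fields come through without any extra props/transforms configuration. The non-syscheck sshd alert in the sample is dropped on the group check, which is the point: a PCI file-integrity feed should carry only integrity events, not the rest of the OSSEC alert stream.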


Re: [ossec-list] OSSEC Splunk or other RHEL option?

2014-08-04 Thread theresa mic-snare
Hi,

thanks for creating this thread, as I'm also interested in using OSSEC in 
combination with the Splunk App (also on RHEL servers). Also what is the 
difference between the OSSEC app and the PCI DSS compliance app which you 
would have to pay for?!
Do you have any experience with the PCI DSS app?

many thanks in advance,
theresa




Re: [ossec-list] OSSEC Splunk or other RHEL option?

2014-04-12 Thread Nicolas Zin
Hi,

Yes, the app for Splunk (http://apps.splunk.com/app/300/) is 2 years old,
but it is still working :-). It is marked as working with Splunk 6, and I
have a running instance that is working fine with it. Did you give it a try?
Do you need instructions on how to set up Splunk 6 + OSSEC reports?

Regards,







Re: [ossec-list] OSSEC Splunk or other RHEL option?

2014-04-12 Thread Eero Volotinen
How about fluentd+kibana?



[ossec-list] OSSEC Splunk or other RHEL option?

2014-04-12 Thread Glenn Ford
Hi all,

I was originally going to do an OSSEC -> OSSIM setup but running into some 
issues with RHEL compliance since OSSIM is Debian.

Now I was looking at Splunk (Free) Enterprise but noticed the splunk app to 
integrate OSSEC is now 2 years old and most likely does not work with 
Splunk v6.

Does anyone have a SIEM solution that has a free crippleware version such 
as AlienVault OSSIM or Splunk Enterprise that works on RHEL?

Thanks in advance,

Glenn
