Hi All,
I've been searching for a couple of days now as to why I see very random
behaviour in active responses (especially the firewall drop). The problem
is that rules are triggered as expected, while monitoring a set of
webserver log files. However, the agent does not consequently invoke the
sc
Hi again Colin,
Sounds like I didn’t really get you any further forwards than you’d already
managed for yourself. I’ve never tried playing with the client side
“manage_agents” to be honest. I’ll have to give it a whirl and see how it goes.
But I suppose even if I can get it working then it’s ju
No, really nothing, maybe if I analyse the IDS signature of a Snort rule
- For the logs and writing, it depends...
there are so many attacks in a POST request.
Did you try OSSEC with mod_dumpost?
- Original message -
From: gr...@castraconsulting.com
To: ossec-list@googlegroups.com
Cc: secucatc
Hello All,
I wanted to announce the availability of openSUSE and SLE
ossec-hids-2.8.1 packages from the openSUSE Build Service
server:monitoring repository. If you have any questions, ping me off
list or if you're interested in contributing see the Project URL
below.
Packages are available for the fol
Dear Chris,
Thanks for the suggestions.
I have done something similar but had major problems importing the key. I think
the problem with manage_agents is that the –I option should be followed by the
key and not an ID as shown in the help text. However, that is just a guess as I
needed to
I have not seen a log in the wild that would let me write a rule for this.
Any luck on your end?
On Thursday, November 20, 2014 5:07:31 AM UTC-5, secuc...@free.fr wrote:
>
> Hi,
> does someone have a rule for MS14-066?
> https://technet.microsoft.com/en-us/library/security/ms14-066.aspx
> or maybe
manage_agent is a server-side function, not a client-side one.
On a Windows platform you can manually add your key in 'client.keys', then
restart the agent.
On Tuesday, November 25, 2014 12:19:07 PM UTC-5, Colin Bruce wrote:
>
> Is there any way on Windows to install the agent’s key without using the
Hi Colin,
What we’ve done is script it all. We have around 600 OSSEC agents in nearly as
many remote locations. We grep the individual agent keys out of client.keys on
the server. This is then copied to a location visible to the agent machines and
renamed to reflect the name of the individual a