I'm investigating this problem with Syngress (publisher) but I'm hoping a
person in our OSSEC group experienced the same problem and knows where to
get an electronic copy of the book to complement the hard copy I use to
troubleshoot/manage my OSSEC HIDS deployment. When I attain a legitimate
Hello. I recently purchased a hard copy of the OSSEC HIDS Host-Based
Intrusion Detection Guide for around $50 and was directed to
http://www.syngress.com/solutions to download my free e-book of the
material. At this web page (http://www.syngress.com/solutions) the
publisher says this service
I would like to determine the level to set Log Alerts in my OSSEC
installation. How was each event assigned a severity level? How have you
all decided the level to set your log alerts? I am concerned about logging
too many events but missing legitimate security events. Your opinions will
Thank you for this information, Dan and Michael.
On Thursday, May 17, 2012 9:06:26 PM UTC-4, Michael Starks wrote:
On 05/17/2012 11:04 AM, A-Dubbs wrote:
Can OSSEC enforce Windows Group Policy settings from being changed in
Windows Server 2008 R2? I made changes to Windows basic audit
Can OSSEC enforce Windows Group Policy settings from being changed in
Windows Server 2008 R2? I made changes to Windows basic audit policy
and upon reboot, the settings are back to what they were before I modified
them. OSSEC is installed on this system and I'd like to know if OSSEC
HIDS can prevent
this.
On Thu, May 17, 2012 at 12:04 PM, A-Dubbs arlendelcasti...@gmail.com wrote:
Can OSSEC enforce Windows Group Policy settings from being changed in
Windows Server 2008 R2? I made changes to Windows basic audit policy
and upon reboot, the settings are back to what they were before I modified
them
the domain controller,
WINDOWS_LOGIN_SUCCESS, or a user logon on, AUDIT_SUCCESS), I don't
think should see OSSEC triggering an alert on my system.
On May 3, 8:09 am, Florian Crouzat gen...@floriancrouzat.net wrote:
On 02/05/2012 20:10, A-Dubbs wrote:
Will it at least significantly reduce
on an upgrade. You should add custom rules to
/var/ossec/rules/local_rules.xml. You can create custom rules to look
for new things the default rules don't cover, or to ignore rules that
are already in place.
On Mon, Apr 30, 2012 at 2:42 PM, A-Dubbs arlendelcasti...@gmail.com wrote:
I'm looking
, A-Dubbs arlendelcasti...@gmail.com wrote:
Will increasing the log alert level from 1 to 7 in the /var/ossec/etc/
ossec.conf file reduce the number of alerts level 7 to zero alerts?
On Apr 30, 2:56 pm, dan (ddp) ddp...@gmail.com wrote:
Modifying the default rules directly isn't
Just learning OSSEC here using the documentation on ossec.net to
troubleshoot some problems. I am receiving excessive HIDS notifications
in a log for a Windows machine (an agent) in my OSSEC environment.
When looking at the security log, it seems that too many events are
being added to the queue,
I'm looking for the rules file for adjusting what gets logged for
Microsoft Windows systems. Is msauth_rules.xml the correct file?