I too am interested for when it becomes something to download.
Something like Snorby for OSSEC would be awesome.
Zate
On Thu, Jul 19, 2012 at 3:14 PM, Tate Hansen wrote:
> This link works best to get to our preview:
> https://www.uncommondata.com/demo/
>
> Laurent – The in
On that front, is there a decode for windows AD NS Server logs?
I couldn't find one.
Zate
On Wed, Jun 27, 2012 at 7:48 AM, dan (ddp) wrote:
> On Fri, Jun 15, 2012 at 7:08 AM, C. L. Martinez
> wrote:
> > Hi all,
> >
> > Somebody knows some confident reputation
Yeah, we built custom binary RPMs, try the newer atomic ones, I hear good
things about those. We had a tight deadline to meet and had to improvise.
When I get a chance I intend to go back and redo our process with the
atomic RPMs.
Zate
On Tue, Jun 26, 2012 at 11:51 AM, dan (d
how dynamic it is.
Zate
On Fri, Jun 22, 2012 at 7:04 AM, dan (ddp) wrote:
> On Thu, Jun 21, 2012 at 2:58 PM, francesco
> wrote:
> > Hi all,
> > I would like to ask if someone knows how to automatically download the
> > new rootkit definitions. As I saw from the centralize
t
binaries from a manual install and recreates the install on a new machine
and connects the agent automatically.
For just 100 machines, a simple binary install and a quick bash script to
set it up should work.
Zate
On Wed, Jun 13, 2012 at 8:29 AM, dan (ddp) wrote:
> The install.sh and In
Yeah, I don't see a problem with sharing it. Nate actually did most of it,
and we are still tweaking it a little, but give me a week or so to get the
bugs out and I don't mind sharing.
Zate
On Wed, May 23, 2012 at 9:23 AM, sklaumin...@gmail.com <
sklaumin...@gmail.com> wrote:
> Zate,
>
t the matching fixed, going to work on grouping events into
transactions as we will get 6-8 events for every one "real" event, like
changing a security group. I can match them to a transaction via the SID
used, should make it so I can get a true incident count.
Zate
On Tue, May 22, 2
bunch of things in Splunk to
better handle some Windows events as the categorization is limited.
Zate
On Mon, May 21, 2012 at 11:11 AM, Mike Wisniewski wrote:
> Hi!
>
> I've been using OSSEC for awhile now and it works well. I'm also
> interested in integrating it with Sp
Thanks for the replies, Michael.
We are going to leave the decoder as is and just customize/regroup the
events I think, and then do some post-filtering in Splunk to weed out
anything else that we can't tune out in rules.
Got an example of the sub rule matching you mentioned?
Thanks.
Zate
O
gs?
Am I missing something? This is how I am understanding it, looking at what
I have in front of me.
Zate
On Wed, May 16, 2012 at 8:59 PM, Michael Starks <
ossec-l...@michaelstarks.com> wrote:
> On 05/14/2012 11:26 AM, Zate wrote:
>
>> How did you deal with the windows event
Seems a little strange to combine the hostname and log source into a single
field.
Zate
On Wed, May 16, 2012 at 8:09 AM, Darrell Hyde wrote:
> You can identify the agent - you just need to dig into the schema a
> bit. The schema is pretty simple. There are like 4 tables that we
> re
plunk,
things like wrong password were spread across multiple different event IDs
and handled differently by different rules. Made it hard to get like
events all grouped together.
Zate
On Mon, May 14, 2012 at 11:05 AM, MDACC-Luckie wrote:
> It really wasn't. We could have deploy
out how we can deploy this easily on scale with puppet, then we should be
in a good position to see if it will hold up to that many hosts or not.
Will keep you posted.
Zate
On Sat, May 12, 2012 at 12:45 PM, Brahim Sakka wrote:
> My question is pretty much similar to thi
Anyone who is using Splunk, how are you getting the info to the Splunk
server? Is the Splunk server on the same server as your OSSEC server? I
see options for managing agents and that is a little confusing.
Zate
On Mon, Apr 9, 2012 at 4:27 PM, Qasim Ijaz wrote:
> I'll try those. Th
That helps immensely, it's pretty much exactly what we are looking to
build, right down to us using Splunk and puppet and about the same amount
of hosts in the same amount of locations.
Thanks a lot.
Zate
On Sun, Apr 1, 2012 at 6:22 AM, Kat wrote:
> 4 installs --
> 1700 hosts
>
r OSSEC or write some
custom dashboards/alerts.
Trying to see how this can fit in with OSSIM also, which I am looking at.
Nice to know someone else is planning/running a large install, haven't seen
many documented anywhere.
Zate
On Sun, Apr 1, 2012 at 9:18 AM, Shawn Romines wrote:
> I am run
Anyone running OSSEC on 1000+ hosts that wants to share some tips/
tricks on a good architecture for large installs? Hardware tips,
deployment tips, management tips?
Don't mind discussing off list if that makes it easier.
Thanks.