On Sun, Mar 29, 2015 at 7:31 AM, DefensiveDepth joshbro...@gmail.com wrote:
@dan
How does the project typically like to see pull requests with custom
decoders and/or rulesets?
i.e. drop the new decoder in /etc/decoder.xml, create a new rules file under
etc/rules/?
That should be fine. Or
@dan
How does the project typically like to see pull requests with custom
decoders and/or rulesets?
i.e. drop the new decoder in /etc/decoder.xml, create a new rules file under
etc/rules/?
-Josh
On Friday, March 27, 2015 at 9:32:18 AM UTC-4, dan (ddpbsd) wrote:
On Fri, Mar 27, 2015 at 9:27 AM, DefensiveDepth joshbro...@gmail.com wrote:
Newly published paper: Using Sysmon to Enrich Security Onion's Host-Level
Capabilities
Of particular note, I wrote an OSSEC decoder and a number of rules for
Sysmon Event ID 1: Process Created...
They can be found
Sounds good, will do.
-Josh
On Friday, March 27, 2015 at 9:32:18 AM UTC-4, dan (ddpbsd) wrote:
On Fri, Mar 27, 2015 at 9:27 AM, DefensiveDepth joshb...@gmail.com wrote:
Newly published paper: Using Sysmon to Enrich Security Onion's Host-Level
Capabilities
http://defensivedepth.com/2015/03/27/using-sysmon-to-enrich-security-onions-host-level-capabilities/
Of particular note, I wrote an OSSEC decoder and a number of rules for
Sysmon Event ID 1: Process
Really cool stuff. Thanks for sharing.
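The layout Josh asks about (a decoder added to etc/decoder.xml plus a rules file under etc/rules/) looks like the following in practice. This is an added example, not the decoder or rules from the DefensiveDepth paper, and the decoder name, rule ids, field mapping and the assumed shape of the agent's log line are all this example's own; it assumes the OSSEC Windows agent forwards each Sysmon event as one "WinEvtLog: ..." line and that child decoders of the stock "windows" decoder are tried in file order.

```xml
<!-- Added example, not from the thread or the DefensiveDepth paper.
     Assumed (constructed) input line, as written by the OSSEC Windows agent:
       WinEvtLog: Microsoft-Windows-Sysmon/Operational: INFO(1): Microsoft-Windows-Sysmon:
       SYSTEM: NT AUTHORITY: HOST01: Process Create: UtcTime: 2015-03-27 13:27:00.000
       ProcessGuid: {...} ProcessId: 4321 Image: C:\Windows\System32\cmd.exe
       CommandLine: cmd.exe /c whoami CurrentDirectory: C:\Users\alice\
       User: HOST01\alice LogonGuid: {...} ... ParentImage: C:\Program Files\Microsoft
       Office\Office15\WINWORD.EXE ParentCommandLine: ... -->

<!-- etc/decoder.xml fragment. Assumption: place it before the generic
     "windows1" child so the more specific Sysmon decoder is tried first. -->
<decoder name="sysmon-process-create">
  <parent>windows</parent>
  <type>windows</type>
  <!-- after_parent: matching starts right after the parent's "WinEvtLog: " -->
  <prematch offset="after_parent">^\S+: INFO\(1\): Microsoft-Windows-Sysmon: </prematch>
  <!-- OSSEC has no named fields, so Sysmon fields are mapped onto fixed slots:
       Image -> url, CommandLine -> extra_data, User -> user, ParentImage -> data.
       In OSSEC regex "\." is any character; "." and "\(" are literal. -->
  <regex offset="after_prematch">Image: (\.+) CommandLine: (\.+) CurrentDirectory: \.+ User: (\.+) LogonGuid: \.+ ParentImage: (\.+) ParentCommandLine: </regex>
  <order>url, extra_data, user, data</order>
</decoder>

<!-- etc/rules/sysmon_rules.xml (example file name); enable it in ossec.conf with
     <rules><include>sysmon_rules.xml</include></rules>. Ids 100000-119999 are
     reserved for local rules. -->
<group name="windows,sysmon,">

  <!-- Base rule: every Sysmon process creation at a low level, so the event is
       kept and child rules can raise specific cases. 18100 is the stock
       "group of windows rules" parent that fires for any windows-type event. -->
  <rule id="100100" level="3">
    <if_sid>18100</if_sid>
    <match>INFO(1): Microsoft-Windows-Sysmon: </match>
    <description>Sysmon: process created.</description>
  </rule>

  <!-- Child rule: the parent process is an Office application, which is worth
       an alert because documents normally do not spawn child processes.
       Level 8 is above the default email_alert_level of 7. -->
  <rule id="100101" level="8">
    <if_sid>100100</if_sid>
    <regex>ParentImage: \.+WINWORD.EXE ParentCommandLine: |ParentImage: \.+EXCEL.EXE ParentCommandLine: |ParentImage: \.+POWERPNT.EXE ParentCommandLine: </regex>
    <description>Sysmon: process spawned by a Microsoft Office application.</description>
  </rule>

  <!-- Child rule using a decoded field: a shell started under the SYSTEM
       account. Tune or exclude known maintenance jobs before relying on it. -->
  <rule id="100102" level="6">
    <if_sid>100100</if_sid>
    <url>cmd.exe$|powershell.exe$</url>
    <user>^NT AUTHORITY\\SYSTEM$</user>
    <description>Sysmon: command shell started as SYSTEM.</description>
  </rule>

</group>
```

Before opening the pull request, paste a real agent line into /var/ossec/bin/ossec-logtest and confirm it reports this decoder's name and the expected url, extra_data, user and data values, then that rule 100100 and the intended child rule fire; if ossec-logtest shows the generic windows decoder instead, the Sysmon decoder is being shadowed by a child defined earlier in decoder.xml.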
--
You received this message because you are subscribed to the Google Groups
ossec-list group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.