Re: [ossec-list] Using OSSEC HIDS to spot rogue software

2017-05-19 Thread dan (ddp)
On Thu, May 18, 2017 at 3:47 PM, Pedro Sanchez wrote:
> Yes, it does.
> Rootcheck works for Linux as well, we have different rootcheck policies:
> https://github.com/wazuh/wazuh-ruleset/tree/master/rootchecks
> OSSEC has rootcheck as well.
> Cheers,
> Pedro.
>
> On Wed, May 17,

Re: [ossec-list] Using OSSEC HIDS to spot rogue software

2017-05-17 Thread Pedro Sanchez
Hi, OSSEC has the capability to detect running processes as well as to look for existing registry keys or folders present on the system; you could use that to detect the rogue software. Example of getting running processes in Windows and triggering an alert when needed (using localfiles / logcollector

[ossec-list] Using OSSEC HIDS to spot rogue software

2017-05-16 Thread 'ian diddams' via ossec-list
Apologies in advance if this is a FAQ. I've googled a bit but can't see anything obvious returned. I've been asked to find out if OSSEC HIDS (which we use already for other monitoring) can be used on Linux variations (CentOS mainly) to spot "rogue software". Now there's an ambiguous description