Hi Jacob,
That sounds interesting. In case you need help creating decoders/rules or
active responses for your Snort logs, paste some log samples here.
On Tuesday, May 10, 2016 at 10:41:36 PM UTC+2, Santiago Bassett wrote:
That seems doable, yes. I haven't seen that done before, but theoretically
it should work.
On Tue, May 10, 2016 at 1:35 PM, Jacob Mcgrath wrote:
Is it possible to have OSSEC monitor Snort logs for certain SIDs and then
trigger the active response on all agents when the event occurs?
Looking at reacting to Nmap and Nessus type scans on my internal network.
I guess I would have to monitor the Security Onion server's Snort log for
SIDs for