Re: [ossec-list] Have Snort signature trigger Ossec active response...?

2016-05-11 Thread Jesus Linares
Hi Jacob, That sounds interesting. In case you need help creating decoders/rules or active responses for your Snort logs, paste some log samples here. On Tuesday, May 10, 2016 at 10:41:36 PM UTC+2, Santiago Bassett wrote: > > That seems doable, yes. I haven't seen that done before, but

Re: [ossec-list] Have Snort signature trigger Ossec active response...?

2016-05-10 Thread Santiago Bassett
That seems doable, yes. I haven't seen that done before, but theoretically it should work. On Tue, May 10, 2016 at 1:35 PM, Jacob Mcgrath wrote: > Is it possible to have Ossec monitor Snort logs for certain SIDs and then > trigger the active response on all agents when

[ossec-list] Have Snort signature trigger Ossec active response...?

2016-05-10 Thread Jacob Mcgrath
Is it possible to have Ossec monitor Snort logs for certain SIDs and then trigger the active response on all agents when an event occurs? Looking at reacting to Nmap and Nessus type scans on my internal network. I guess I would have to monitor the Security Onion servers Snort log for SIDs for