[ossec-list] Re: windows malware detection

2016-03-08 Thread m0361001
I have written this code so far. [Trojan Downloader] [all] [016eb36cc03a562545f0b3bed36f49a6] f:C:%WINDIR%\System32\trojan\trojan12.exe; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion; p:r:trojan12.exe;

[ossec-list] Ruxcon 2016 Call For Presentations

2016-03-08 Thread cfp
Ruxcon 2016 Call For Presentations Melbourne, Australia, October 22-23 CQ Function Centre http://www.ruxcon.org.au The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2016. This year the conference will take place over the weekend of the 22nd and 23rd

Re: [ossec-list] Re: Change ossec.conf globaly

2016-03-08 Thread abdulvehhab
It sounds like a new ossec agent installation with a minimal ossec.conf is required. Thanks for your interest. On 8 Mar 2016 at 22:17, Ryan Schulze wrote: > If he doesn't have any kind of configuration management/orchestration in > place it might make more sense to

Re: [ossec-list] Re: Change ossec.conf globaly

2016-03-08 Thread Ryan Schulze
If he doesn't have any kind of configuration management/orchestration in place it might make more sense to use a minimal ossec.conf on the agents and deploy any changes via the shared/agent.conf on the master. That way he won't run into problems again with settings on the agents he might have

[ossec-list] Wazuh fork and Sysmon

2016-03-08 Thread Rob B
Hey Guys, I have been running the latest OSSEC 2.83 with a Wazuh fork upgrade. I have performed the Wazuh auto update with the .py script. All works well, thanks guys. I have simply noticed recently that I can not make use of my favorite Sysmon based correlations because I am not able to

[ossec-list] Re: Change ossec.conf globaly

2016-03-08 Thread Pedro S
I can't imagine a way to change ossec.conf on every agent if you are not using some deployment software (like Puppet). One solution for further installations is to change default ossec.conf file in order to include your EventID exception. Regards, Pedro S. On Monday, March 7, 2016 at 3:02:49

[ossec-list] Ossec with sysmon events Wazuh fork

2016-03-08 Thread Robert Bardo
Hey Guys, I have been running the latest OSSEC 2.83 with a Wazuh fork upgrade. I have performed the Wazuh auto update with the .py script. All works well, thanks guys. I have simply noticed recently that I can not make use of my favorite sysmon based correlations because I am not able to

Re: [ossec-list] Re: Change ossec.conf globaly

2016-03-08 Thread Abdulvehhab Agin
We configure all agents manually by hand, so it is too hard to change ossec.conf manually. 2016-03-08 14:13 GMT+02:00 dan (ddp) : > On Tue, Mar 8, 2016 at 5:53 AM, wrote: > > > > If we don't delete these tags in local ossec.conf, it sends these

[ossec-list] windows malware detection

2016-03-08 Thread m0361001
Hello, I have one question. Is it possible to use a malware sample in the win_malware_rcl.txt file? I did what the website said, but it did not work (http://www.slideshare.net/SantiagoBassett/malware-detection-with-ossec-hids-osseccon-2014). I want to ask how to improve certain code or something to work

Re: [ossec-list] Re: Change ossec.conf globaly

2016-03-08 Thread dan (ddp)
On Tue, Mar 8, 2016 at 5:53 AM, wrote: > > If we don't delete these tags in local ossec.conf, it sends these logs again. > > It doesn't solve the problem, any suggestion? > How do you currently do configuration management? > > On 8 Mar 2016 at 12:29, Jesus Linares

Re: [ossec-list] Re: Change ossec.conf globaly

2016-03-08 Thread abdulvehhab
If we don't delete these tags in local ossec.conf, it sends these logs again. It doesn't solve the problem, any suggestion? On 8 Mar 2016 at 12:29, Jesus Linares wrote: > Hi, > > check out the documentation: >

[ossec-list] Re: Change ossec.conf globaly

2016-03-08 Thread Jesus Linares
Hi, check out the documentation: http://ossec-docs.readthedocs.org/en/latest/manual/agent/agent-configuration.html It would be something like: */var/ossec/etc/shared/agent.conf*: Security eventchannel Event/System[EventID!="4648" and EventID!="4656" and