Re: [ossec-list] Re: windows active response logic

2016-04-13 Thread Jesus Linares
Hi Jacob,

> Is it possible for a Windows agent to have an active response, let's say to network scans?

Yes, it is possible. As Dan said, you must be able to detect the attack and then you use the proper active-response. Detecting attacks is the hardest part. I did it reading Fortinet logs.

Re: [ossec-list] Re: windows active response logic

2016-04-13 Thread dan (ddp)
On Wed, Apr 13, 2016 at 7:47 AM, Jacob Mcgrath wrote:
> Forgot that part before bed,
>
> Question is; Is it possible for a Windows agent to have an active response, let's say to network scans?
>
Yes, if you can detect the scan there should be a way to trigger an AR.
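What "trigger an AR once you can detect the scan" looks like in the manager's ossec.conf, as an added example that is not from any poster in this thread: it binds a Windows-side block script to one custom rule. The rule id 100200 is a placeholder for whatever rule you write over your scanner or firewall logs (Jesus's Fortinet case), and the rule must decode a source IP for the command to have anything to act on.

```xml
<!-- Added example: manager-side ossec.conf fragment, not from the thread.
     Assumes a custom rule (id 100200, placeholder) that fires on your
     scan-detection logic and yields a decoded source IP (srcip). -->
<ossec_config>
  <!-- route-null.cmd ships with the Windows agent under active-response\bin;
       it black-holes the offending address with a null route. -->
  <command>
    <name>win_route-null</name>
    <executable>route-null.cmd</executable>
    <expect>srcip</expect>                 <!-- alert must carry srcip -->
    <timeout_allowed>yes</timeout_allowed> <!-- lets <timeout> undo the block -->
  </command>

  <!-- Run it on the agent that raised the alert ("local"), only for the
       scan rule, and remove the route again after 10 minutes. -->
  <active-response>
    <command>win_route-null</command>
    <location>local</location>
    <rules_id>100200</rules_id>            <!-- placeholder custom rule id -->
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

Active response also has to be enabled in the agent's own ossec.conf (`<active-response><disabled>yes</disabled></active-response>` there switches it off), and because of `<expect>srcip</expect>` the response does nothing if the alert has no decoded source IP, so check the decoder output with ossec-logtest before relying on it.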

[ossec-list] Re: windows active response logic

2016-04-13 Thread Jacob Mcgrath
Forgot that part before bed,

Question is; Is it possible for a Windows agent to have an active response, let's say to network scans?

On Tuesday, April 12, 2016 at 3:52:09 PM UTC-5, Rob B wrote:
>
> Hello Folks,
>
> Could someone help me wrap my head around the windows active response
>

Re: [ossec-list] Re: windows active response logic

2016-04-13 Thread dan (ddp)
On Tue, Apr 12, 2016 at 11:29 PM, Jacob Mcgrath wrote:
> I am as well interested in this process in regards to OSSEC and windows
> active response. I am considering a deployment on an
> AD controlled business environment. Was considering active response for
> windows

[ossec-list] Re: windows active response logic

2016-04-13 Thread Jacob Mcgrath
I am as well interested in this process in regards to OSSEC and windows active response. I am considering a deployment on an AD controlled business environment. Was considering active response for windows clients when network scans are detected, nmap, Nessus, MBSA etc. etc. As well as logging