Hi Jacob,
> Is it possible for a Windows agent to have an active response let's say to
> network scans?
Yes, it is possible. As Dan said, you must be able to detect the attack and
then you use the proper active-response.
Detecting attacks is the hardest part. I did it by reading Fortinet logs.
On Wed, Apr 13, 2016 at 7:47 AM, Jacob Mcgrath
wrote:
> Forgot that part before bed,
>
> Question is; Is it possible for a Windows agent to have an active response
> let's say to network scans?
>
Yes, if you can detect the scan there should be a way to trigger an AR.
Forgot that part before bed,
Question is; Is it possible for a Windows agent to have an active response
let's say to network scans?
On Tuesday, April 12, 2016 at 3:52:09 PM UTC-5, Rob B wrote:
>
> Hello Folks,
>
> Could someone help me wrap my head around the windows active response
>
On Tue, Apr 12, 2016 at 11:29 PM, Jacob Mcgrath
wrote:
> I am as well interested in this process in regards to OSSEC and windows
> active response. I am considering a deployment on an
> AD-controlled business environment. Was considering active response for
> windows
I am as well interested in this process in regards to OSSEC and windows
active response. I am considering a deployment on an
AD-controlled business environment. Was considering active response for
Windows clients when network scans are detected, nmap, Nessus, MBSA, etc.
As well as logging