I wrote a simple paper about Snort CSV output mode and OSSEC active response.

Introduction: Actually, the number of attacks and flaws is increasing, and more and more we need our servers on the internet, which improves companies that need security in depth.

Goal: This paper won't teach you to install or configure Snort or OSSEC HIDS; my goal here is to teach you to use Snort CSV output and build rules in OSSEC for active response. OSSEC must be installed with active-response enabled.

Paper English: http://www.brc.com.br/artigos/ossec-snort-activeresponse_english.pdf
Paper pt_BR: http://www.brc.com.br/artigos/ossec-snort-activeresponse_pt-BR.pdf

Sorry about my English, I wrote it in pt_BR and did a quick translation to English.

Hope you enjoy!!

Rodrigo Montoro (Sp0oKeR)

--
=========================
Rodrigo Ribeiro Montoro
Security Analyst
SnortCP / RHCE / LPIC-I
http://spookerlabs.multiply.com
=========================
