I thought this might be a bit spammy but Daniel said I should post it, so here goes...

- I'll be presenting "OSSEC in the Enterprise" at the Rochester Security Summit on October 29. In addition to the presentation, I'll be working with some local security students to have OSSEC monitoring a capture-the-flag contest. We'll be putting OSSEC to the test to see what alerts we get. With any luck, we'll also be able to develop some new signatures as a result of the attacks.

- During the entire last week of October I'll also be posting some of my favorite ways to use OSSEC. There will be tips-and-tricks that you may already be aware of, but then again, maybe not.

Finally, I'd like to put out a call for info about real-world OSSEC usage that people might find useful. Although I have used OSSEC in an enterprise setting for several years, I know there are larger installs out there. I'm interested in things like:

1) How big is your install?
2) How has it helped you with compliance?
3) What did OSSEC detect that you already had in your environment or wouldn't have seen without it?
4) What is the biggest problem in administering it or what feature do you really need?

You can e-mail me privately and request anonymity or post here.

Details about the conference and the presentation are at the links below. Please be sure to introduce yourself if you can attend!

--
Michael Starks
[I] Immutable Security
http://www.immutablesecurity.com
Information Security, Privacy and Personal Liberty
Week of OSSEC - Every day a new OSSEC post - Oct 25-31
Speaking on "OSSEC in the Enterprise," Oct 29 2009
(http://www.immutablesecurity.com/index.php/2009/09/10/ossec-at-the-rochester-security-summit/)
