It depends on the "attack". If there are logs created for the attack
(i.e. Snort logs, or system logs) then the attack can often be stopped
through the use of firewalls or whatnot blocking the source. If a
piece of malicious software is downloaded and installed by the user,
detecting and stopping the attack becomes much harder.
Look at the various active response documents for more information on
how OSSEC can block attacks.

On Thu, Apr 15, 2010 at 11:35 AM, Saeid Ansaripour <[email protected]> wrote:
> Is ossec doing any kind of IPS at all?
> It looks like ossec is more like logging management than anything
> else.
> How does it prevent the intrusion if, say, malware attacks a system?
