On 10/20/2010 07:27 AM, Michael Starks wrote:
> List the most annoying bugs. What makes OSSEC difficult to use? What is
> the biggest area for improvement? What are we missing? We have already
> talked a bit about key management and distributing the Windows agent.
> What else doesn't work too well? Any rules FP too much? Now is the time
> to get it all out.
For me (in no particular order of importance), this is what I find
challenging:
- As others have noted, key management
- Command output does not work too well on Windows
- I would like to see report_changes on Windows
- A decoder for OSSEC alerts needs to be written (and should now be
  possible with the multi-line decoder support). This will make
  distributed manager architectures a bit nicer. (on my to-do list)
- Decoded hashes
- Better Windows decoder (on my to-do list)
- More polished and pre-tuned Windows rules (on my to-do list)
- Overall, in enterprise environments OSSEC is a bit chatty with alerts
  out of the box
- We have some great contributions this week for methods to distribute
  the Windows agent--more to come ;). This needs to be refined even more
  to make it really easy.
--
Michael Starks
[I] Immutable Security
http://www.immutablesecurity.com