Many thanks to js.opdebeeck for his support. I have 4 questions regarding "using OSSEC for detecting Cloud attacks":

1- How does OSSEC detect unauthorized intruders (i.e., intruders who stole user credentials using some brute-force tool and authenticated to the cloud system)? Some IDSs detect anomalous behaviour by these intruders by comparing it to normal behaviour using techniques like neural networks or expert systems. Is OSSEC doing something like that using log analysis techniques? I understood that OSSEC uses a log mining technique, but I did not find any details about that.

2- Can the OSSEC analyzer correlate logs coming from different VMs for the same user in the cloud system, in order to analyze the behaviour of this user across all VMs running in the cloud system?

3- Does the VMM allow the collector component installed inside the VM to send its logs to the physical host OS?

4- Please, if anyone has documents explaining how OSSEC detects these unauthorized intruders and both SQL injection and rootkit attacks, send me the links.

Thanks,
Hesham

On Feb 22, 3:20 pm, Js Opdebeeck <[email protected]> wrote:
> Hello;
>
> On ESXi just forward the events via SYSLOG then capture the events with
> OSSEC.
>
> ESXi -> Syslog <- OSSEC
>
> Details for ESX and ESXi syslog forwarding:
> http://beyondvm.com/tutorial-esx-4-0-syslog-configuration
>
> Kind regards
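An added example, not from this thread or from OSSEC's own documentation, of the two pieces the reply and question 2 point at: the ossec.conf listener that receives the syslog events forwarded from ESXi, and a local rule that correlates successful logins by username across every agent or VM reporting to the server. The address range, rule id and thresholds are assumptions, and `same_user` only works where the decoder has extracted a username from the event.

```xml
<!-- ossec.conf fragment on the OSSEC server: accept syslog from the ESXi hosts.
     The address range is a constructed example; use the management network the
     hosts actually send from, and keep it as narrow as possible. -->
<ossec_config>
  <remote>
    <connection>syslog</connection>
    <port>514</port>
    <protocol>udp</protocol>
    <allowed-ips>192.168.10.0/24</allowed-ips>
  </remote>
</ossec_config>

<!-- local_rules.xml: a composite rule that correlates authentication_success
     events by the decoded username, regardless of which agent/VM reported them
     (no same_location, so events from different hosts are counted together).
     Rule id 100100 is an assumed value from the local-rule range; tune
     frequency and timeframe to the site's normal login pattern. -->
<group name="local,">
  <rule id="100100" level="10" frequency="5" timeframe="300">
    <if_matched_group>authentication_success</if_matched_group>
    <same_user />
    <description>Repeated successful logins for the same account within 5 minutes across monitored hosts</description>
  </rule>
</group>
```

A hit on this rule is a trigger for review rather than proof of a stolen credential; the alert lists the agents involved, which is the cross-VM view question 2 asks about.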
