Hello All,

I am new to the OSSEC product. I just went through a PCI audit and they required us to have IDS in our "In Scope" PCI environment. I had read about OSSEC in the past and thought I would give it a try. I have the server loaded and the agent on 2 Windows servers. I saw that they offered "Commercial Support" but none of the Trend Micro resellers in my area have the expertise. What adds to the madness is that I am not a server guy, but more of a Cisco Networking guy.
Some of my issues/concerns:

With just 2 servers, I'm receiving tons of "Alert 10" and am not really sure if they are a real concern. Most of them are audit failures. Where are these rules? How do I know what to leave in and what to take out for PCI compliance? Should I take out anything? Where can I find commercial support?

Any advice would be appreciated.

Robert L. Smith | TransCard Systems Engineer
4080 Jenkins Road | Suite 200 | Chattanooga, TN 37421
Office: (423) 553-5214 | Mobile: (423) 463-0050
[email protected] | www.transcard.com
