I'm not the one having OSSIM issues, but thanks for the offer. :)

dan

On Fri, Sep 9, 2011 at 6:33 AM, Waqas <waqas.bsqu...@gmail.com> wrote:
> Dan, if you still want to resolve this issue without upgrading your
> whole OSSIM distribution to version 3.0, just PM me your skype id and
> if you want, I will take a look at it.
>
> On Sep 8, 11:32 pm, "dan (ddp)" <ddp...@gmail.com> wrote:
>> On Wed, Sep 7, 2011 at 4:19 AM, Waqas <waqas.bsqu...@gmail.com> wrote:
>> > Yes. OSSEC id 7085 with the sid 18130 can be used to detect the failed
>> > Windows logins.
>>
>> If OSSEC does the right thing, this seems like an OSSIM issue.
>> It looks like there is some OSSIM/OSSEC dev work going on at the moment.
>>
>> > On Sep 5, 11:35 pm, "dan (ddp)" <ddp...@gmail.com> wrote:
>> >> Is OSSEC detecting the failed logins correctly?
>> >>
>> >> On Thu, Aug 18, 2011 at 4:32 PM, Brenton, Steve <sbren...@asa.org> wrote:
>> >> > Does anyone have OSSEC reporting into the opensource SIEM OSSIM? I am
>> >> > having troubles with some of the alerts generating false positives and
>> >> > was looking for some advice on where to start.
>> >> >
>> >> > One problem is when reporting on logon events OSSIM is reading the OSSEC
>> >> > alerts as a success regardless of an access denied on the server or
>> >> > successful login.
>> >> >
>> >> > Thanks in advance for the help,
>> >> >
>> >> > -Steve