Today begins the Third Annual Week of OSSEC. I put together a list of
discussion topics (one per day) which are designed to build upon one
another. These are the same topics as last year. There are two reasons
for this: one, we can compare with last year and see how far we have
come (or not) and two, they seemed to work well, so why try to reinvent
the wheel? Each day, I will make a new post with the relevant topic below.
Feel free to keep the discussion going. There is no rule that says just
because the next topic is posted, the discussion from the previous day ends.
As to your own contributions (blog posts, etc) feel free to make new
topics, or reply to one of these posts if it is relevant.
Here are the upcoming topics...
Day 1: Kickoff: the week ahead.
This post. If you think about it too long, you'll realize it's a
recursive loop and go crazy.
Day 2: Tell your story. How has OSSEC helped you?
This is the day we get to recount our experiences of how OSSEC has saved
the day, or just saved us some scratch. People coming by later on who
read these will get a sense for OSSEC and if it can work in their
environment.
Day 3: Time to share: rules, configs, tips and tricks.
Post your rules, best-practices and so on. This is a great option for
those who don't want to create something like a full blog post. Just
reply with something quick and dirty.
Day 4: What bugs you: problems, challenges and room for improvement.
List the most annoying bugs. What makes OSSEC difficult to use? What is
the biggest area for improvement? What are we missing?
Day 5: Shared intelligence: what does an attack look like?
Let's think about the actual attack vectors and hallmarks of an attack.
What happens when a host is attacked? What are the usual sequence of
events that take place? How can OSSEC effectively detect these while
keeping the noise down?
Day 6: Time to dream: what does the future of OSSEC look like?
This is the big perspective on the future of OSSEC. Think BIG! It
doesn't matter if no HIDs has ever done it before. It doesn't even
matter if you think it can't be done. Let's dream.
Day 7: Making it happen: who, what, when and how?
On this day, we'll try to take some of what we have learned and develop
a plan of action. We'll take the combined community intelligence and see
if we can make it real. Feel free to jump in with your talents to solve
a problem!
