On Wed, Jun 27, 2012 at 8:52 AM, Zate <[email protected]> wrote:
> On that front, is there a decode for windows AD NS Server logs?
>  I couldn't find one.
>
> Zate
>
>

Not that I know of (hopefully someone volunteers one on the list). If
someone wants to send in samples it could be written though.

>
> On Wed, Jun 27, 2012 at 7:48 AM, dan (ddp) <[email protected]> wrote:
>>
>> On Fri, Jun 15, 2012 at 7:08 AM, C. L. Martinez <[email protected]>
>> wrote:
>> > Hi all,
>> >
>> >  Somebody knows some confident reputation lists to use with OSSEC like
>> > for example
>> > http://labs.alienvault.com/labs/index.php/projects/open-source-ip-reputation-portal/download-ip-reputation-database??
>> >
>> > Thanks.
>>
>> OSSEC doesn't really support reputations. It's pretty black or white,
>> although I guess you could do something with rule levels.
>>
>> I use a number of sites like http://www.malwaredomainlist.com/ to
>> create lists of suspected bad domains. I then monitor my DNS logs with
>> OSSEC and compare the queried domains to a cdb of suspected bad
>> domains. I can also check the responses for IPs that I find to be
>> suspicious.
>
>
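
The approach described in the quoted message above (DNS queries compared against a cdb of suspected bad domains), as an added example that is not part of the original thread and is not OSSEC code. It turns a feed into the key:value text lines a cdb list is built from and runs the same lookup offline. The hosts-style feed, the BIND-style log layout, all function names and the parent-domain matching (which goes beyond an exact key match) are assumptions of this example.

```python
import re

# Constructed sample data (not real indicators): a hosts-style feed and
# BIND-style query log lines. Both formats are assumptions of this example.
FEED = """# constructed blocklist
127.0.0.1  bad-example.test
127.0.0.1  Malware.Example.
tracker.invalid
not a domain!
"""
LOG = """27-Jun-2012 08:52:01.123 client 10.0.0.5#5353: query: www.bad-example.test IN A +
27-Jun-2012 08:52:02.456 client 10.0.0.7#4021: query: www.example.org IN A +
27-Jun-2012 08:52:03.789 client 10.0.0.9#4022: query: MALWARE.example IN AAAA +
"""

DOMAIN_RE = re.compile(r"^(?:[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$")
QUERY_RE = re.compile(r"client (\S+)#\d+: query: (\S+) IN \S+")

def normalize(name):
    """Lower-case, drop the trailing root dot, reject anything not a hostname."""
    name = name.strip().lower().rstrip(".")
    return name if DOMAIN_RE.match(name) else None

def feed_to_list(feed, label="suspicious"):
    """Return sorted, de-duplicated 'key:value' lines for a cdb list source file."""
    domains = set()
    for line in feed.splitlines():
        fields = line.split("#", 1)[0].split()   # strip comments, split columns
        domain = normalize(fields[-1]) if fields else None
        if domain:
            domains.add(domain)
    return [f"{d}:{label}" for d in sorted(domains)]

def lookup(qname, keys):
    """Return the listed domain that qname equals or is a subdomain of, else None."""
    name = normalize(qname)
    labels = name.split(".") if name else []
    for i in range(len(labels) - 1):             # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in keys:
            return candidate
    return None

def scan(log, list_lines):
    """Return (client, queried name, matched list key) for every listed query."""
    keys = {line.split(":", 1)[0] for line in list_lines}
    hits = []
    for client, qname in QUERY_RE.findall(log):
        matched = lookup(qname, keys)
        if matched:
            hits.append((client, qname, matched))
    return hits
```

Normalizing both the feed and the queried name matters here: without it, `MALWARE.example` in the log would not match `Malware.Example.` in the feed.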
