On Tue, Aug 21, 2012 at 7:03 AM, Kholidy <[email protected]> wrote:
> What about the evaluation using a specific attacks. Are there any rules
> available online for some kind of attacks like DOS or SQL injection. Is
> there any one has evaluated OSSEC against some attacks and get alerts that
> explain that there is an attack detected. Right now, we get only alerts
> with level numbers without any information about attack name or type.
>
You should be getting more than a level number. You should get a description and possibly a rule id. But look at the rules. They provide as much information as people put into them. If you have links with more explanations for some of them, then we can definitely add them. Send us a patch.

> On Thursday, August 16, 2012 3:58:07 PM UTC-7, JB wrote:
>>
>> You can try attacking sendmail, Apache server, ftp daemon, etc. and see if
>> OSSEC rules trigger the alerts.
>>
>>
>> On Tuesday, August 14, 2012 12:18:10 AM UTC-7, mohamed khalaf wrote:
>>>
>>> which module in metasploit can i use to test ossec attack rules
>>>
>>> if no which attack library can i use to test ossec rules to simulate
>>> real attack to generate alerts
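An added example, not part of the thread or of the OSSEC project: a small Python parser that pulls the rule id, level and description mentioned in the reply out of alert records and counts alerts per rule. The text layout assumed for alerts.log, and every rule id, description, host and address in the sample, are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the text layout assumed for OSSEC's alerts.log;
# rule ids, descriptions, hosts and addresses are made up for this example.
SAMPLE = """\
** Alert 1345557780.1024: - syslog,sshd,authentication_failed,
2012 Aug 21 07:03:00 web01->/var/log/auth.log
Rule: 100001 (level 5) -> 'Constructed: SSH login failed.'
Src IP: 192.0.2.10
Aug 21 07:03:00 web01 sshd[411]: Failed password for root from 192.0.2.10

** Alert 1345557795.2048: - web,accesslog,attack,
2012 Aug 21 07:03:15 web01->/var/log/apache2/access.log
Rule: 100002 (level 6) -> 'Constructed: SQL injection attempt.'
Src IP: 192.0.2.10
192.0.2.10 - - [21/Aug/2012:07:03:15 +0000] "GET /item.php?id=1%27 HTTP/1.1" 200 512

** Alert 1345557799.3072: - web,accesslog,attack,
2012 Aug 21 07:03:19 web01->/var/log/apache2/access.log
Rule: 100002 (level 6) -> 'Constructed: SQL injection attempt.'
Src IP: 192.0.2.11
192.0.2.11 - - [21/Aug/2012:07:03:19 +0000] "GET /item.php?id=2%27 HTTP/1.1" 200 498
"""

HEADER = re.compile(r"^\*\* Alert (\d+\.\d+):[^-]*-\s*(.*)$")
RULE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")

def parse_alerts(text):
    """Return one dict per alert record; records are separated by blank lines."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        head = HEADER.match(lines[0]) if lines else None
        rule = next((m for m in map(RULE.match, lines) if m), None)
        if not head or not rule:
            continue  # skip truncated or non-alert blocks
        src = next((l.split(": ", 1)[1] for l in lines if l.startswith("Src IP: ")), None)
        alerts.append({"groups": [g for g in head.group(2).split(",") if g],
                       "rule_id": int(rule.group(1)), "level": int(rule.group(2)),
                       "description": rule.group(3), "src_ip": src})
    return alerts

def summarize(alerts):
    """Count alerts per (rule id, level, description), highest level first."""
    counts = Counter((a["rule_id"], a["level"], a["description"]) for a in alerts)
    return sorted(counts.items(), key=lambda kv: (-kv[0][1], kv[0][0]))

if __name__ == "__main__":
    for (rid, level, desc), n in summarize(parse_alerts(SAMPLE)):
        print(f"rule {rid} level {level} x{n}: {desc}")
```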
