On 19.09.2012 05:22, C. L. Martinez wrote:
Hi all,

Has anybody tried to configure OSSEC to extract alerts from a
McAfee ePO server that uses SQL Express as a database repository for
events? I am trying to extract some info from the ePO database, like
events, viruses detected, etc., and then parse it with OSSEC.

Thanks.

I haven't tried querying the database, but ePO has automatic responses, which themselves have some correlation capabilities, but they also can run an external command using registered executables. This means you can use a syslog client. See here: http://www.youtube.com/watch?v=XykFT1_8N4k
