On Wed, Sep 19, 2012 at 2:27 PM, Michael Starks <[email protected]> wrote:
> On 19.09.2012 05:22, C. L. Martinez wrote:
>>
>> Hi all,
>>
>> Has anybody tried to configure OSSEC to extract alerts from a
>> McAfee ePO server that uses SQL Express as the database repository for
>> events? I am trying to extract some info from the ePO database, like
>> events, viruses detected, etc., and then parse it with OSSEC.
>>
>> Thanks.
>
> I haven't tried querying the database, but ePO has automatic responses,
> which themselves have some correlation capabilities, but they also can run
> an external command using registered executables. This means you can use a
> syslog client. See here: http://www.youtube.com/watch?v=XykFT1_8N4k

Thanks, Michael. I had found this video by doing some searching via Google. The problem is that I can only extract information through SQL scripts. I cannot install additional software on that server.
