ok my bad, i assumed a full scan from nessus would give off some red flags because its so loud and im switching from snort "which would alert to things like nessus scans" to ossec. thanks for helping me see the light.
On Tue, Oct 2, 2012 at 10:07 AM, Kat <[email protected]> wrote: > Scanning does not necessarily provide a "blip". Do you have any kind of > tool logging scans or are you doing something beyond an nmap scan, such as > brute force login attemps. Something has to create a log entry for OSSEC to > see. Based on what you are saying - is there any kind of entry in any of > the event logs showing that a scan was happening? OSSEC would see that. > > >>
