You'll find even a default install will start alerting you to a lot of things.

Chris Billson
Head Office 0161 406 1820 / Support 0161 406 1830
For more information on our products and services please visit our website www.vodat-int.com

From: [email protected] [mailto:[email protected]] On Behalf Of vtrack
Sent: 13 August 2013 07:16
To: [email protected]
Subject: [ossec-list] Re: Use cases for OSSEC

Thanks for your reply. We do not intend to use OSSEC for checking core failures like hardware, drive failures etc., but especially to use it for operating system integrity checks and alerts for any malicious activities. From what you mentioned, it looks like I need to add specific rules to enable such alerts. I would take a look at the rules, syntax etc. to get this running on our systems. Please let me know if you have any pointers. Thanks again.

On Monday, August 12, 2013 9:38:18 PM UTC+5:30, David Blanton wrote:

> Your alerting system is something only you and your management team can decide on. If you wish to get an e-mail/text on all of the above, go for it. Our team took a more minimalist approach, only getting alerts on critical errors: hardware failure, attacks, malware, critical logs to our production network, et al., so we can take immediate action. Everything below alert level 2 does not get logged because of the 'Unknown problem in the system' rule (very helpful). Root su, opened sessions, closed sessions, successful ssh's do not get fired in our deployment because it is something that is redundant and makes parsing through the logs more tedious.
>
> If you could give us an idea of what your network does, we could give you a better idea of what you could have OSSEC look for. If it's a general network at work, I would look into monitoring disk space, firewalls, malware, and unsuccessful sudo's to su/root sessions.
>
> You will notice that there are tens of thousands of rules in OSSEC that can be used to fire an alert, and it has the capability to do so much.

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
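The tuning David describes (nothing below level 2 logged, routine session and SSH events silenced, failed sudo escalated) is done in two OSSEC files. The fragments below are an added example written for this thread, not configuration posted by anyone on the list. The file paths assume a default /var/ossec install, the local rule IDs 100100 and 100101 are arbitrary picks from the 100000+ range OSSEC reserves for local rules, and the stock rule IDs referenced in if_sid (5501, 5502, 5715, 5401) should be checked against the rules/*.xml shipped with your version before you rely on them.

```xml
<!-- Added example, file: /var/ossec/etc/ossec.conf (fragment).
     log_alert_level 2 keeps level-0/1 events out of alerts.log, which is the
     "everything below alert level 2 does not get logged" threshold from the thread.
     email_alert_level 10 means only serious alerts reach the mail/text channel. -->
<ossec_config>
  <alerts>
    <log_alert_level>2</log_alert_level>
    <email_alert_level>10</email_alert_level>
  </alerts>
</ossec_config>

<!-- Added example, file: /var/ossec/rules/local_rules.xml.
     A child rule (if_sid) at level 0 replaces its parent's alert, so the
     parent event is matched but never alerted. Rule IDs assumed from the
     stock rule set: 5501 login session opened, 5502 login session closed,
     5715 sshd authentication success, 5401 failed attempt to run sudo. -->
<group name="local,">

  <!-- Silence the routine noise David's team dropped: session open/close
       and successful SSH logins. They still reach archives.log if enabled. -->
  <rule id="100100" level="0">
    <if_sid>5501,5502,5715</if_sid>
    <description>Routine session open/close and successful SSH login (not alerted).</description>
  </rule>

  <!-- The opposite direction: lift failed sudo attempts to level 10 so they
       pass email_alert_level and get a mail/text rather than just a log line. -->
  <rule id="100101" level="10">
    <if_sid>5401</if_sid>
    <description>Failed sudo attempt (escalated for immediate notification).</description>
  </rule>

</group>
```

After editing, restart the manager (`/var/ossec/bin/ossec-control restart`) and confirm the effect with `/var/ossec/bin/ossec-logtest`: paste a sample sshd "Accepted publickey" line and the output should show rule 100100 firing at level 0 instead of 5715. Tune the suppression list per environment rather than copying it; a server where interactive logins are rare may want 5715 alerted, not silenced.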
