On Sat, Aug 30, 2014 at 2:33 PM, Patrick S <[email protected]> wrote: > I can't seem to find information on if OSSEC understands CVE style attacks. > I know that it can correlate data from an IDS that explicitly states that X > attack was Y CVE; but is OSSEC capable of this detection? And if so, does > it make the association the CVE number? >
Define "CVE style attack." OSSEC can label things by CVE, but the rule has to have that information included. There isn't a huge push to do this, but we accept pull requests on github if you've got an itch (https://github.com/ossec/ossec-hids) > Many thanks, > > Patrick > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
