Newly published paper: Using Sysmon to Enrich Security Onion's Host-Level Capabilities <http://defensivedepth.com/2015/03/27/using-sysmon-to-enrich-security-onions-host-level-capabilities/>
Of particular note, I wrote an OSSEC decoder and a number of rules for Sysmon Event ID 1: Process Created. They can be found on GitHub <https://github.com/defensivedepth/Sysmon_OSSEC>. Feel free to tweak, contribute back, send feedback, etc.

Keep in mind that there may be issues with the current stable release (2.8), as the <eventchannel> bug is unfixed -- I believe the bug fix is slated to be released with 2.9 (https://github.com/ossec/ossec-hids/issues/224).

-Josh
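As an added illustration of what a Sysmon Event ID 1 decoder and rule do (this is not the decoder from the linked GitHub repository, nor OSSEC code), the following Python parses a constructed Process Create record into named fields and applies one parent/child rule to it. The flattened "WinEvtLog: ..." line layout is an assumption about how the eventchannel reader presents the event, and the sample event is constructed, not captured.

```python
import re

# Constructed sample of a Sysmon Event ID 1 (Process Create) record, in an
# assumed flattened layout similar to what the OSSEC eventchannel reader emits.
SAMPLE_EVENT = (
    "WinEvtLog: Microsoft-Windows-Sysmon/Operational: INFORMATION(1): "
    "Microsoft-Windows-Sysmon: SYSTEM: NT AUTHORITY: WKS01: Process Create: "
    "UtcTime: 2015-03-27 14:02:11.123 ProcessId: 4120 "
    "Image: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "CommandLine: powershell.exe -NoProfile -Command Get-Date "
    "User: WKS01\\alice "
    "ParentImage: C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE"
)

# Field labels the decoder extracts, in the order Sysmon writes them.
FIELDS = ["UtcTime", "ProcessId", "Image", "CommandLine", "User", "ParentImage"]


def decode_process_create(line):
    """Return a dict of Event ID 1 fields, or None if the line is not Event ID 1."""
    if "INFORMATION(1):" not in line or "Process Create:" not in line:
        return None
    body = line.split("Process Create:", 1)[1]
    # Each value runs from its label up to the next known label or end of line,
    # so values containing spaces (command lines, paths) survive intact.
    labels = "|".join(FIELDS)
    pattern = re.compile(r"(%s): (.*?)(?= (?:%s): |$)" % (labels, labels))
    return {m.group(1): m.group(2).strip() for m in pattern.finditer(body)}


# One rule built on the decoded fields: an Office application spawning a shell
# or script host. This is the kind of parent/child correlation Event ID 1
# makes possible at the host level.
OFFICE_PARENTS = ("winword.exe", "excel.exe", "powerpnt.exe")
SHELL_CHILDREN = ("cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe")


def match_office_spawns_shell(fields):
    """True when ParentImage is an Office binary and Image is a shell/script host."""
    parent = fields.get("ParentImage", "").lower().rsplit("\\", 1)[-1]
    child = fields.get("Image", "").lower().rsplit("\\", 1)[-1]
    return parent in OFFICE_PARENTS and child in SHELL_CHILDREN


if __name__ == "__main__":
    decoded = decode_process_create(SAMPLE_EVENT)
    print(decoded)
    print("alert:", match_office_spawns_shell(decoded))
```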
