On Fri, Mar 27, 2015 at 9:27 AM, DefensiveDepth <[email protected]> wrote:
> Newly published paper: Using Sysmon to Enrich Security Onion's Host-Level
> Capabilities
>
> Of particular note, I wrote an OSSEC decoder and a number of rules for
> Sysmon Event ID 1: Process Created...
>
> They can be found on Github... Feel free to tweak, contribute back, send
> feedback, etc
>

If you want to contribute them, we do enjoy pull requests.

> Keep in mind that there may be issues with the current stable release (2.8)
> as the <eventchannel> bug is unfixed --
>
> I believe the bug fix is slated to be released with
> 2.9... (https://github.com/ossec/ossec-hids/issues/224)
>
> -Josh
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
