Hello OSSEC Gurus, I'm trying to figure out how to create an OSSEC query in Kibana (using the ELK stack) that could identify logins at off-hours. I'm looking to hunt for user logins at odd hours (i.e. a user logging in at 2 am on Sun), or multiple brute-force attempts and so on.
I would also be interested to hear how folks are using OSSEC and the ELK stack in their hunting efforts for security anomalies and signs of compromise. Thanks,
