Hello! I'm building a SIEM for OSSEC and Snort on the ELK stack. You can find it on GitHub: https://github.com/dsvetlov/lightsiem
The project contains ready-to-use Logstash patterns and Kibana dashboards. It supports authentication too. It is also capable of sending e-mails. The rules for e-mail alerting are very flexible (based on the Logstash if [] else [] construction), but this has its own pros and cons. How can you use it? First of all, you can set up a filter for e-mail alerting on logins in off-hours. I haven't got a ready sample, but I'll add one. Then you can create a dashboard with a filter on interesting events to track them visually.

Fri, 26 June 2015 at 18:17, <[email protected]>:
> Hello OSSEC Gurus,
>
> I'm trying to figure out how to create an OSSEC query in Kibana (using the
> ELK stack) that could identify logins at off-hours. I'm looking to hunt
> for user logins at odd hours (i.e. a user logging in at 2 am on Sun), or
> multiple brute-force attempts and so on.
>
> I would also be interested to hear how folks are using OSSEC and the ELK
> stack in their hunting efforts for security anomalies and signs of
> compromise.
>
> Thanks,
>
> --
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.

--
Regards, Светлов Даниил.
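The two hunts the thread asks about (a successful login at an odd hour, and repeated failures from one source) can be expressed as plain detection logic over OSSEC alert records before any Logstash conditional is written. The script below is an added example, not code from lightsiem or from either poster; the alert records are constructed here in the shape of OSSEC's alerts.log (host, IPs, users, rule numbers and timestamps are all made up), and the "off-hours" window of weekends plus 22:00–06:00 on weekdays is an assumed policy that a real deployment would set for itself. It keys on the standard OSSEC group names authentication_success and authentication_failed rather than on rule IDs, so the same checks carry over to whatever Logstash field lightsiem maps those groups to.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta


# Constructed records in the shape of OSSEC alerts.log (not real data; rule numbers
# and descriptions are illustrative, the detection below never relies on them).
def _record(ts, groups, rule, level, desc, src, user, raw):
    return (f"** Alert 0.0: - {groups},\n"
            f"{ts} (web01) 10.0.0.5->/var/log/auth.log\n"
            f"Rule: {rule} (level {level}) -> '{desc}'\n"
            f"Src IP: {src}\nUser: {user}\n{raw}\n")


OK = ("syslog,sshd,authentication_success", 5715, 3, "SSHD authentication success.")
FAIL = ("syslog,sshd,authentication_failed", 5716, 5, "SSHD authentication failed.")

SAMPLE_ALERTS = "\n".join([
    # Friday afternoon login: normal.
    _record("2015 Jun 26 14:20:00", *OK, "198.51.100.4", "bob",
            "Jun 26 14:20:00 web01 sshd[1300]: Accepted publickey for bob from 198.51.100.4 port 40000 ssh2"),
    # Sunday 02:04 login: the "2 am on Sun" case from the question.
    _record("2015 Jun 28 02:04:02", *OK, "203.0.113.7", "alice",
            "Jun 28 02:04:02 web01 sshd[1234]: Accepted password for alice from 203.0.113.7 port 51234 ssh2"),
    # One isolated failure: below any brute-force threshold.
    _record("2015 Jun 26 09:00:00", *FAIL, "203.0.113.7", "alice",
            "Jun 26 09:00:00 web01 sshd[1100]: Failed password for alice from 203.0.113.7 port 50000 ssh2"),
] + [
    # Four failures from one source inside one minute: brute force.
    _record(f"2015 Jun 27 03:10:{s:02d}", *FAIL, "192.0.2.9", "root",
            f"Jun 27 03:10:{s:02d} web01 sshd[12{s:02d}]: Failed password for root from 192.0.2.9 port 4{s:04d} ssh2")
    for s in (5, 20, 41, 58)
])

HEADER = re.compile(r"^\*\* Alert [\d.]+: - (?P<groups>.+),$", re.M)
TIMESTAMP = re.compile(r"^(?P<ts>\d{4} \w{3} \d{1,2} \d{2}:\d{2}:\d{2}) \((?P<host>[^)]+)\)", re.M)
RULE = re.compile(r"^Rule: (?P<rule>\d+) \(level (?P<level>\d+)\)", re.M)
SRC = re.compile(r"^Src IP: (?P<src>\S+)", re.M)
USER = re.compile(r"^User: (?P<user>\S+)", re.M)


def parse_alerts(text):
    """Split alerts.log text into one dict per record, oldest first.

    Records without a parseable timestamp are skipped rather than guessed at.
    """
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for rx in (HEADER, TIMESTAMP, RULE, SRC, USER):
            m = rx.search(chunk)
            if m:
                rec.update(m.groupdict())
        if "ts" not in rec:
            continue
        rec["groups"] = rec.get("groups", "").split(",")
        rec["ts"] = datetime.strptime(rec["ts"], "%Y %b %d %H:%M:%S")
        rec["level"] = int(rec.get("level", 0))
        records.append(rec)
    return sorted(records, key=lambda r: r["ts"])


def is_off_hours(ts, start_hour=22, end_hour=6):
    """Assumed policy: any weekend time, or a weekday time outside [end_hour, start_hour)."""
    return ts.weekday() >= 5 or ts.hour >= start_hour or ts.hour < end_hour


def off_hours_logins(records):
    """(user, source IP, timestamp) for every successful authentication outside business hours."""
    return [(r.get("user"), r.get("src"), r["ts"]) for r in records
            if "authentication_success" in r["groups"] and is_off_hours(r["ts"])]


def brute_force_sources(records, threshold=4, window=timedelta(minutes=2)):
    """Source IPs with at least `threshold` authentication failures inside a sliding `window`.

    Returns {src_ip: peak number of failures seen in one window}.
    """
    recent = defaultdict(deque)
    flagged = {}
    for r in records:  # parse_alerts() already ordered these by time
        if "authentication_failed" not in r["groups"] or "src" not in r:
            continue
        q = recent[r["src"]]
        q.append(r["ts"])
        while q and r["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged[r["src"]] = max(flagged.get(r["src"], 0), len(q))
    return flagged


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    for user, src, ts in off_hours_logins(alerts):
        print(f"off-hours login: {user} from {src} at {ts:%a %Y-%m-%d %H:%M:%S}")
    for src, n in brute_force_sources(alerts).items():
        print(f"brute force: {n} failures from {src} within 2 minutes")
```

The sliding window is what a Logstash if/else filter cannot express on its own, since each event is evaluated in isolation; in an ELK deployment the off-hours check maps directly onto a conditional on the event's hour and weekday, while the repeated-failure count is better left to a Kibana visualisation (count of authentication_failed per source IP over a short interval) or to OSSEC's own frequency rules.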
