Hello Group, I was wondering how folks use OSSEC to search for IOCs (indicators of compromise). I have two choices: I can use the OSSEC Web UI or Kibana.
I am looking for ideas (and specific queries) for how to hunt using OSSEC, and how to use it in general for security issues. I.e., I imagine a good query in Kibana might be looking for logins at off areas, and things like this. I would love to hear from OSSEC gurus, and any links to specific resources are appreciated. Thanks!
