Hello Group! I'm using Logstash / Kibana (as well as the OSSEC basic web interface).

In Kibana I use a table view to sort OSSEC events by number, and this helps zero in on suspicious events. While the basic web interface is fairly featureless, I found that going to the search screen and searching for events of level 2 (lowest level) and then attack / misuse all sometimes nets an event worth investigating.

My question is: how do folks use these tools (Kibana and the basic OSSEC interface) to hunt for IOCs and other events of interest? Are there other tools I could be running against our OSSEC server? Any info or suggested queries are appreciated.

Thanks,
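The two triage moves described in the post (rank rule IDs by how often they fire so the rare ones stand out, then filter low-level alerts by rule group such as attack or misuse) can be scripted directly against the alert stream instead of clicked through in a UI. The script below is an added example, not code from the post or from the OSSEC project. It assumes alerts in the one-JSON-object-per-line format OSSEC's jsonout option writes (a nested "rule" object with "level", "sidid" and a comma-separated "group" string); the sample alert lines, rule IDs and descriptions are constructed for illustration, and the field names may need adjusting for your OSSEC version.

```python
"""Triage OSSEC alerts: rule-frequency ranking, level/group filtering,
and a failed-auth pivot on source IP.

Assumed input: OSSEC jsonout lines (one JSON object per line, nested
"rule" object). Field names are an assumption based on that format.
"""
import json
from collections import Counter

# Constructed sample alerts (not real data). Rule IDs and descriptions are
# loosely modelled on OSSEC defaults but are illustrative only.
SAMPLE_ALERTS = """\
{"rule":{"level":3,"comment":"Login session opened.","sidid":5501,"group":"pam,syslog,"},"id":"1.1","TimeStamp":1000,"location":"/var/log/auth.log","hostname":"web1","srcip":"10.0.0.5","full_log":"pam_unix(sshd:session): session opened for user bob"}
{"rule":{"level":3,"comment":"Login session opened.","sidid":5501,"group":"pam,syslog,"},"id":"1.2","TimeStamp":1001,"location":"/var/log/auth.log","hostname":"web1","srcip":"10.0.0.5","full_log":"pam_unix(sshd:session): session opened for user bob"}
{"rule":{"level":3,"comment":"Login session opened.","sidid":5501,"group":"pam,syslog,"},"id":"1.3","TimeStamp":1002,"location":"/var/log/auth.log","hostname":"web2","srcip":"10.0.0.6","full_log":"pam_unix(sshd:session): session opened for user alice"}
{"rule":{"level":2,"comment":"Unknown problem somewhere in the system.","sidid":1002,"group":"syslog,errors,"},"id":"1.4","TimeStamp":1003,"location":"/var/log/syslog","hostname":"web1","full_log":"kernel: segfault at 0 ip 0000 error 4"}
{"rule":{"level":2,"comment":"Web server 400 error code.","sidid":31101,"group":"web,accesslog,attack,"},"id":"1.5","TimeStamp":1004,"location":"/var/log/apache2/access.log","hostname":"web2","srcip":"203.0.113.9","full_log":"203.0.113.9 - - GET /../../etc/passwd HTTP/1.1 400"}
{"rule":{"level":5,"comment":"SSHD authentication failed.","sidid":5716,"group":"syslog,sshd,authentication_failed,"},"id":"1.6","TimeStamp":1005,"location":"/var/log/auth.log","hostname":"web1","srcip":"203.0.113.9","full_log":"Failed password for invalid user admin from 203.0.113.9 port 4242 ssh2"}
{"rule":{"level":6,"comment":"Attempt to login using a non-existent user","sidid":5710,"group":"syslog,sshd,invalid_login,authentication_failed,"},"id":"1.7","TimeStamp":1006,"location":"/var/log/auth.log","hostname":"web1","srcip":"203.0.113.9","full_log":"Invalid user admin from 203.0.113.9"}
this line is not JSON and must be skipped, not crash the run
"""


def parse_alerts(text):
    """Parse jsonout lines; silently skip blank or non-JSON lines."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(obj, dict) and isinstance(obj.get("rule"), dict):
            alerts.append(obj)
    return alerts


def rule_groups(alert):
    """Groups come as a comma-separated string with a trailing comma."""
    return {g for g in alert["rule"].get("group", "").split(",") if g}


def count_by_rule(alerts):
    """Histogram of rule IDs: the 'sort the table by count' view, in code."""
    return Counter(a["rule"]["sidid"] for a in alerts)


def rare_rules(alerts, max_hits=1):
    """Rule IDs that fired at most max_hits times, rarest (then lowest ID) first."""
    counts = count_by_rule(alerts)
    return sorted((sid for sid, n in counts.items() if n <= max_hits),
                  key=lambda sid: (counts[sid], sid))


def hunt(alerts, min_level=2, groups=("attack", "misuse")):
    """Alerts at or above min_level that carry any of the wanted groups."""
    wanted = set(groups)
    return [a for a in alerts
            if a["rule"]["level"] >= min_level and rule_groups(a) & wanted]


def sources_by_failed_auth(alerts, threshold=2):
    """Source IPs with >= threshold authentication_failed alerts (brute-force pivot)."""
    hits = Counter(a["srcip"] for a in alerts
                   if a.get("srcip") and "authentication_failed" in rule_groups(a))
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    print("rule counts:", count_by_rule(alerts).most_common())
    print("rare rules:", rare_rules(alerts))
    for a in hunt(alerts):
        print("hunt hit:", a["rule"]["sidid"], a["rule"]["comment"], a.get("srcip"))
    print("failed-auth sources:", sources_by_failed_auth(alerts))
```

Point the parser at the real file (on a default install, /var/ossec/logs/alerts/alerts.json once jsonout is enabled) and the rare-rule list and the level/group filter give the same view the post gets from Kibana, with the failed-auth pivot as one extra angle: a source IP that shows up in both the attack-group hits and the repeated authentication failures is worth looking at first.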
