I'm using LightSIEM, an ELK-based system that can blow all OSSEC and Snort messages into semantic pieces which you can use in search queries later.
Tue, 22 Sep 2015 at 17:53, <[email protected]>:

> Hello Group!
>
> I'm using the Logstash / Kibana (as well as the OSSEC basic web interface).
>
> In Kibana I use a table view to sort OSSEC events by number and this helps zero in on suspicious events. While the basic web interface is fairly featureless I found that going to the search screen and searching for events of level 2 (lowest level) and then attack / misuse all sometimes nets an event worth investigating.
>
> My question is how do folks use these tools (Kibana and basic OSSEC) interfaces to hunt for IOCs and other events of interest? Are there other tools I could be running against our OSSEC server?
>
> Any info or suggested queries are appreciated.
>
> Thanks,
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.

--
Regards, Светлов Даниил.
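As an added example (not code from the thread, from LightSIEM or from OSSEC), this is one way to split an OSSEC alerts.log dump into the kind of searchable fields the reply describes, and then run the two hunts the question mentions over them: the rule-count table view and a search for low-level alerts in groups worth a second look. The sample alerts are constructed for this example and the field names are my own.

```python
import re
from collections import Counter
# Constructed sample in OSSEC alerts.log format (made up for this example).
SAMPLE_ALERTS = """\
** Alert 1442924400.12345: - syslog,sshd,authentication_failed,
2015 Sep 22 17:00:00 (web01) 10.0.0.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
User: root
Sep 22 17:00:00 web01 sshd[1234]: Failed password for root from 192.0.2.10 port 4444 ssh2
** Alert 1442924460.12400: mail - syslog,sshd,authentication_failed,
2015 Sep 22 17:01:00 (web01) 10.0.0.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
Sep 22 17:01:00 web01 sshd[1240]: Failed password for admin from 192.0.2.10 port 4445 ssh2
** Alert 1442924520.12500: - ossec,
2015 Sep 22 17:02:00 (web01) 10.0.0.5->ossec
Rule: 501 (level 3) -> 'New ossec agent connected.'
ossec: Agent started: 'web01->10.0.0.5'.
"""

HEADER_RE = re.compile(r"(?P<date>.+?) (?:\((?P<agent>[^)]+)\) )?(?P<host>\S+)->(?P<location>\S+)$")
RULE_RE = re.compile(r"Rule: (\d+) \(level (\d+)\) -> '(.*)'$")

def parse_alerts(text):
    """Split an alerts.log dump into dicts whose fields can be indexed and searched."""
    alerts = []
    for block in re.split(r"(?m)^\*\* Alert ", text)[1:]:
        lines = block.strip().splitlines()
        ts, _, rest = lines[0].partition(": ")      # "1442924400.12345: [mail ]- group,group,"
        a = {"timestamp": float(ts), "srcip": None, "user": None, "log": ""}
        a["groups"] = [g for g in rest.split("- ", 1)[1].split(",") if g]
        a.update(HEADER_RE.match(lines[1]).groupdict())
        rule_id, level, desc = RULE_RE.match(lines[2]).groups()
        a.update(rule_id=int(rule_id), level=int(level), description=desc)
        for line in lines[3:]:                      # optional decoder fields, then the raw event
            key, _, val = line.partition(": ")
            if key in ("Src IP", "User"):
                a[key.lower().replace(" ", "")] = val
            else:
                a["log"] = line
        alerts.append(a)
    return alerts

def count_by_rule(alerts):                          # the sorted-by-count table from the question
    return Counter((a["rule_id"], a["description"]) for a in alerts).most_common()

def low_level_in_groups(alerts, max_level, groups):  # low-severity alerts in groups worth a look
    wanted = set(groups)
    return [a for a in alerts if a["level"] <= max_level and wanted & set(a["groups"])]
```

The same dicts can be shipped to Logstash as JSON so that `rule_id`, `level`, `groups` and `srcip` become fields in Kibana instead of text inside one message.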
