Yes, you can either use AlienVault/OSSIM policy/action settings or use the OSSEC active-response module directly. More info at:
http://ossec-docs.readthedocs.org/en/latest/manual/ar/ar-custom.html

On Fri, Dec 4, 2015 at 1:05 AM, <[email protected]> wrote:

> Thanks Moorea !!!! This is what I want to say !!
>
> On Wednesday, December 2, 2015 at 11:00:51 PM UTC+8, Phillipa Moorea wrote:
>
>> I think I can translate. Angelina needs to know if she can run a script
>> when an alert is generated. She does not want to alert with emails because
>> she gets too many emails.
>>
>> This might not help, but what we do is push our OSSIM alerts to an SEIM
>> (Security Event and Incident Management). I am using AlienVault OSSIM, but
>> there are many others out there that are probably more lightweight. I
>> believe it is from the SEIM that you can chart out the alerts and generate
>> emails within SEIM when you get to a certain threshold of alerts or by some
>> other measurement of your choice.
>>
>> I think a main SEIM vendor is Splunk.
>>
>> Not sure if that helps, hopefully others here can chime in too.
>>
>> On Wednesday, December 2, 2015 at 4:21:09 AM UTC-6, [email protected]
>> wrote:
>>>
>>> hello~everyone, OSSEC has some problems bothering me ~~ the OSSEC *data is huge*,
>>> my leader asked me to deal with this data ..... manually ...... yeap~~~~ it
>>> means I will analyze those data by my eyes !!!!!!!!! oh my god
>>> !!!!!!!!!!!!!!! It's driving me crazy !!!!!! and I think
>>> the craziest person is my leader !!!! There are nearly 170000 data
>>> !!!!!!!!!!!! so help ME ...........
>>>
>>> The *function is:* use another way to *alert admin*. At present,
>>> the OSSEC agent collates logs and gives them to the OSSEC server, the OSSEC server
>>> analyzes the logs and uses e-mail to alert the admin through rules; the
>>> rules have levels. I use e-mail, but there are too many emails, and some
>>> important messages I usually cannot see and deal with....
>>> So I want to ask, can I use another way to alert the admin (not e-mail)? Can I
>>> choose *different ways of alarm* by the degree of emergency of the content?
>>> Can OSSEC *use scripts??*
>>> I am gonna be dead ................. help .............. T_T
>>>
>>> My English is not very good, please understand~~~~~~~~~~
>>> Thanks for your reply
>>>
>>> angelina
>>>
>> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
