http://santi-bassett.blogspot.com/2014/09/osseccon-2014-malware-detection-with.html
Another option would be to glean the SHA1 values of malware, and create and use the Sysmon blacklist. But automating a blacklist of SHA1 values for malware, using Sysmon and a CDB list in OSSEC, would be a method worth considering. This wouldn't work with the win_malware_rcl.txt and using IOCs from that angle.

On Friday, January 8, 2016 at 4:05:40 AM UTC-8, 林威任 wrote:
> Hello, I have installed the server and agent of OSSEC.
> I want to use OSSEC to detect malware on Windows systems,
> so I must add some code to the win_malware_rcl.txt.
> Then, I can analyse the log files produced.
> PS: this is used for research.
> Please give me some ideas.
> Thank you very much.
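As an added illustration of the Sysmon-hash-plus-CDB-list idea from the reply above (example code, not from the thread or from OSSEC itself): it parses the Hashes field of a Sysmon process-create event and looks the SHA1 up in a blacklist read from an OSSEC-style CDB source file (key:value lines, the form fed to ossec-makelists). The event text and the hash values are constructed placeholders, not real indicators.

```python
import re

# Constructed sample Sysmon Event ID 1 (process create) message text, in the
# shape forwarded from the Windows event log to OSSEC. The hash values are
# placeholders (empty-input digests), not real malware indicators.
SAMPLE_EVENT = (
    "Process Create:\n"
    "Image: C:\\Users\\alice\\AppData\\Local\\Temp\\dropper.exe\n"
    "Hashes: SHA1=DA39A3EE5E6B4B0D3255BFEF95601890AFD80709,"
    "MD5=D41D8CD98F00B204E9800998ECF8427E\n"
)

# Constructed OSSEC-style CDB list source (key:value per line), as written
# before compiling it with ossec-makelists. Key = lowercase SHA1.
SAMPLE_CDB_SOURCE = """\
# sha1:description
da39a3ee5e6b4b0d3255bfef95601890afd80709:placeholder-sample-A
0123456789abcdef0123456789abcdef01234567:placeholder-sample-B
"""

def load_cdb_source(text):
    """Parse key:value lines of a CDB list source into a dict (keys lowercased)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        entries[key.strip().lower()] = value.strip()
    return entries

HASHES_RE = re.compile(r"^Hashes:\s*(.+)$", re.MULTILINE)

def extract_hashes(event_text):
    """Return {'SHA1': ..., 'MD5': ...} from the Sysmon Hashes field, digests lowercased."""
    m = HASHES_RE.search(event_text)
    if not m:
        return {}
    result = {}
    for part in m.group(1).split(","):
        algo, _, digest = part.partition("=")
        if algo and digest:
            result[algo.strip().upper()] = digest.strip().lower()
    return result

def match_event(event_text, blacklist):
    """Return the blacklist description if the event's SHA1 is listed, else None."""
    sha1 = extract_hashes(event_text).get("SHA1")
    return blacklist.get(sha1) if sha1 else None
```

Sysmon only emits the algorithms enabled in its HashAlgorithms setting, so the lookup key must match what the agents actually log.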
