Actually, there is a solution for this, but it is a separate package that 
has to be installed and configured. It is called OSQUERY and can be found 
here:

https://osquery.io/

OSQUERY is open source under the Apache license. Like OSSEC, it runs on 
almost every platform. It can provide a HUGE amount of information about 
the client system. It was developed by Facebook as an asset management 
subsystem and uses its own structured query language for pulling data from 
clients. There are several third-party modules that have been developed for 
it as well, including an installer and auto-updater (Kolide launcher). The 
Kolide tool for auto-updating might be a good model for building a tool to 
auto-update OSSEC someday too.

We have been looking at integrating OSQUERY with OSSEC for a while. The 
easiest way to do this would be to build a separate encrypted communication 
channel between the OSSEC server and OSQUERY. I will submit a pull request 
if we work all the details out for full integration. We are working on a 
PCI DSS compliant port monitoring tool for OSSEC right now that we will 
submit on a separate pull request when it is done. If anyone is interested, 
I will be at the OSSEC conference on March 20th. Best,

Dave Stoddard
Network Alarm Corporation
