If you were going to create a top ten alerts email from OSSEC logs, I'm just 
wondering what folks would alert on?

What's the best way to detect fraudulent privileged account usage? I find 
it very challenging to pick it out from legit activity. Maybe 
authentication without a password to detect hash usage / mimikatz?

What are some of the other queries folks try to pick out evil from all the 
noise?

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/56884b1c-c865-4c84-82d7-70b1a4750d00%40googlegroups.com.