Hi Jason,

I'm going to try to summarize my idea, because it is based on what I have
read on the official website and in several forums and articles.

My idea is to have PF centralized in out-of-band mode, with Snort
configured and Nessus scans. This is what we have right now in an older
version.

The idea is to expand this deployment and begin installing sensors in the
network. Each sensor should contain snort, ossec-server, and pfdetector.
Since an OSSEC deployment is capable of obtaining a lot of information from the
agents, analyzing that data through decoders and finally triggering
alerts from rules, my integration idea is to read that alert log and obtain the data
(srcip, alertid, hostname if possible, etc.), all the data useful for PF. Then
the pfsensor parses and sends that data to the centralized server, and PF should
take an action.

The idea is to modify the code so that we have another configuration
option for violations, just like Snort, Suricata, Nessus, or OpenVAS.

So far my biggest worry here is the kind of info that OSSEC sends. I
couldn't see the IP in the logs, only the hostname, but I need more tests; I started
this morning, along with the deployment of the agents on the client.

Sorry for my bad English; let me know if the idea is clear or if I can
explain it better,

Best Regards from Colombia,


On Mon, Mar 3, 2014 at 12:51 PM, Jason Frisvold <xenoph...@godshell.com> wrote:

> Juan Camilo Valencia wrote:
> > Hi Loick,
> >
> > Thanks for your quick reply, let me know what I can do to help achieve
> > this feature. I am not the most versatile guy in Perl, but I can learn,
> > and for testing right now I'm setting up the environment with the 4.1
> > appliance.
>
> Ok, I'm intrigued ..  What sort of integration are you talking about?
> OSSEC is incredibly powerful, but I'm not sure how it fits together with
> Packetfence, beyond the PF server being a client..
>
> > Thanks a lot,
> >
> > Best regards from Colombia,
>
> --
> ---------------------------
> Jason 'XenoPhage' Frisvold
> xenoph...@godshell.com
> ---------------------------
>
> "Any sufficiently advanced magic is indistinguishable from technology."
> - Niven's Inverse of Clarke's Third Law
>
>
> _______________________________________________
> PacketFence-devel mailing list
> PacketFence-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-devel
>



-- 
JUAN CAMILO VALENCIA VARGAS
Operations Engineer
SeguraTec S.A.S
Calle 11 # 43B-50, Office 307
Medellín, Colombia

*"Choose a job you love, and you will never have to work a day in your
life"*
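The parsing step described in the message above, as an added example that is not part of the original thread and not code from PacketFence or OSSEC: it walks OSSEC's multi-line alerts.log records, pulls out the fields Juan lists (alert id, hostname, the agent's IP, the rule id, and the decoded Src IP when a decoder produced one), validates anything that is supposed to be an IP address, and maps each alert above a level threshold to the event a sensor could forward to the central PF server. The event field names (trigger, target_ip, ...) and the "send to the central server" step are assumptions; the three sample records are constructed. The third record shows the hostname-only case raised in the message: a server-local alert carries no agent IP, and a Src IP that is not an address is rejected rather than forwarded.

```python
"""Turn OSSEC alerts.log records into PacketFence-style violation events.
Added example, not PacketFence or OSSEC code; event field names and the
forwarding step are assumptions standing in for what the sensor would ship."""
import ipaddress
import re
from typing import Dict, Iterator, List, Optional

# Constructed sample (not captured from a real system). Record 1: agent alert with a
# decoded Src IP. Record 2: agent alert about the host itself (no Src IP).
# Record 3: server-local alert (hostname only) whose "Src IP" is not an address.
SAMPLE_ALERTS = """\
** Alert 1393862460.12345: - syslog,sshd,authentication_failed,
2014 Mar 03 12:51:00 (webserver) 10.0.0.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.168.1.100
Mar  3 12:50:59 webserver sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2

** Alert 1393862520.12401: - ossec,rootcheck,
2014 Mar 03 12:52:00 (dbserver) 10.0.0.7->rootcheck
Rule: 510 (level 7) -> 'Host-based anomaly detection event (rootcheck).'
Trojaned version of file '/bin/ls' detected.

** Alert 1393862580.12500: - syslog,sshd,
2014 Mar 03 12:53:00 ossec-server->/var/log/secure
Rule: 5710 (level 5) -> 'Attempt to login using a non-existent user'
Src IP: not-an-ip
Mar  3 12:52:59 ossec-server sshd[99]: Invalid user admin from not-an-ip
"""

HEADER_RE = re.compile(r"^\*\* Alert (?P<ts>\d+)\.(?P<seq>\d+): (?:mail )?- (?P<groups>.*)$")
# Agent alerts read "(hostname) agent_ip->location"; server-local ones "hostname->location".
AGENT_RE = re.compile(
    r"^\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2} "
    r"(?:\((?P<host>[^)]+)\) (?P<agent_ip>\S+)|(?P<local_host>\S+))->(?P<location>.*)$"
)
RULE_RE = re.compile(r"^Rule: (?P<rule>\d+) \(level (?P<level>\d+)\) -> '(?P<desc>.*)'$")
SRCIP_RE = re.compile(r"^Src IP: (?P<ip>\S+)$")


def split_records(text: str) -> Iterator[List[str]]:
    """Yield each multi-line record; a record starts at a '** Alert' line."""
    record: List[str] = []
    for line in text.splitlines():
        if line.startswith("** Alert") and record:
            yield record
            record = []
        if line.startswith("** Alert") or record:
            record.append(line)
    if record:
        yield record


def valid_ip(value: Optional[str]) -> Optional[str]:
    """Normalised IP or None. Src IP is decoded from log text the remote peer
    influenced, so it is never forwarded without this check."""
    try:
        return str(ipaddress.ip_address(value)) if value else None
    except ValueError:
        return None


def parse_record(lines: List[str]) -> Dict[str, Optional[str]]:
    """Extract the fields PF needs from one alerts.log record."""
    alert: Dict[str, Optional[str]] = dict.fromkeys(
        ("alert_id", "groups", "hostname", "agent_ip", "rule", "level", "description", "src_ip"))
    for line in lines:
        if m := HEADER_RE.match(line):
            alert["alert_id"], alert["groups"] = f"{m['ts']}.{m['seq']}", m["groups"]
        elif (m := AGENT_RE.match(line)) and alert["hostname"] is None:
            alert["hostname"] = m["host"] or m["local_host"]
            alert["agent_ip"] = valid_ip(m["agent_ip"])  # None for server-local alerts
        elif m := RULE_RE.match(line):
            alert["rule"], alert["level"], alert["description"] = m["rule"], m["level"], m["desc"]
        elif m := SRCIP_RE.match(line):
            alert["src_ip"] = valid_ip(m["ip"])
    return alert


def to_violation(alert: Dict[str, Optional[str]], min_level: int = 5) -> Optional[Dict[str, str]]:
    """Map an alert to the (assumed) event the sensor would send to PF.
    Policy: act on a valid decoded Src IP (the remote peer, e.g. a brute-forcing LAN
    host), otherwise on the agent's own IP (the alert is about the host itself, e.g.
    rootcheck). None below the threshold or when no usable IP exists (hostname only)."""
    if alert["rule"] is None or int(alert["level"] or 0) < min_level:
        return None
    target = alert["src_ip"] or alert["agent_ip"]
    if target is None:
        return None
    return {
        "trigger": f"ossec::{alert['rule']}",  # rule id as trigger id, like a Snort SID
        "target_ip": target,
        "hostname": alert["hostname"] or "",
        "alert_id": alert["alert_id"] or "",
        "description": alert["description"] or "",
    }


def process(text: str, min_level: int = 5) -> List[Dict[str, str]]:
    events = (to_violation(parse_record(r), min_level) for r in split_records(text))
    return [e for e in events if e is not None]


if __name__ == "__main__":
    for event in process(SAMPLE_ALERTS):
        print(event)  # a real sensor would post this to the central PF server instead
```

Python is used here only because the parsing is language-neutral; the same regexes port directly to Perl for a pfdetect-style parser. Two points matter for the integration itself: which host PF acts on (the remote peer in Src IP, or the agent host that raised the alert) is a policy decision that the example makes explicit rather than burying in the parser, and because Src IP is derived from log content a remote party can influence, a sensor that trusts it unvalidated lets anyone who can plant a forged log line pick which LAN host gets isolated. Validating the address and restricting actions to PF-managed ranges closes that gap.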