Re: [ossec-list] OSSEC Sys Log/Custom Log Capability

2020-06-17 Thread dan (ddp)
On Wed, Jun 17, 2020 at 9:15 AM sensato cybersecurity  wrote:
>
> Would someone know if the following is possible?
>
> I have a product by the name of BitDefender which can produce a log - the log 
> is in CEF format I believe.  That log contains alerts that are raised by 
> various endpoints being monitored by BitDefender.
>
> Is there a way I could deploy an OSSEC agent on the BitDefender server and 
> read in the log it produces and send that information as alerts to the OSSEC 
> server?
>

I don't know much about bitdefender, so it's hard to say. OSSEC can
install on most Windows and Linux systems. If it's a blackbox
appliance it would be a lot harder. Looking at their site there are a
lot of products. Which one are you using specifically?
Is the log file an actual file or does it log to a database or something?

> The log being produced by BitDefender is usually sent to a SIEM, so basically 
> I am trying to get the OSSEC agent to act as a mini-SIEM - reading custom 
> logs.
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/CAMyQvMr2jiT-skJ4ivKWN%2BUV1CY%2Brb2p%3DbK5gfmeVBicWShMaA%40mail.gmail.com.


[ossec-list] OSSEC Sys Log/Custom Log Capability

2020-06-17 Thread sensato cybersecurity
Would someone know if the following is possible?

I have a product by the name of BitDefender which can produce a log - the 
log is in CEF format I believe.  That log contains alerts that are raised 
by various endpoints being monitored by BitDefender.


   1. Is there a way I could deploy an OSSEC agent on the BitDefender 
   server and read in the log it produces and send that information as alerts 
   to the OSSEC server?  
   
   2. The log being produced by BitDefender is usually sent to a SIEM, so 
   basically I am trying to get the OSSEC agent to act as a mini-SIEM - 
   reading custom logs.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/efe69c46-e7d5-45aa-8fc5-dc8bbae6cfaco%40googlegroups.com.
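The question above is whether an agent can read a CEF-formatted file and turn its contents into alerts. The parser and severity filter below are an added example written for this page; they are not OSSEC code and do not reproduce Bitdefender's actual output. The sample lines, the vendor and product names, the signature IDs and the extension keys are all constructed. On the OSSEC side the file itself would be picked up by a `<localfile>` entry in the agent's ossec.conf; what this block shows is the part of the "mini-SIEM" job that a decoder or parser has to get right: escaped pipes in the CEF header, escaped `=` and backslashes in the extension, textual as well as numeric severities, and a syslog prefix in front of `CEF:` when the product logs through syslog rather than straight to a file.

```python
"""Parse CEF (Common Event Format) lines and turn the severe ones into alerts.

Added example for this thread; not part of OSSEC or of any Bitdefender product.
Vendor, product, signature IDs and extension keys in SAMPLE_LOG are constructed.
"""
import re
from typing import Dict, List, Tuple

# CEF allows textual severities; map them onto the numeric 0-10 scale.
_SEVERITY_WORDS = {"low": 0, "medium": 4, "high": 7, "very-high": 9}

# One extension key=value pair. The value may contain spaces and escaped
# characters (\= and \\); it ends where the next "key=" begins or at end of line.
_EXT_RE = re.compile(
    r"(?P<key>[A-Za-z0-9_.]+)=(?P<val>(?:\\.|[^\\=])*?)(?=\s+[A-Za-z0-9_.]+=|\s*$)"
)


def _unescape(text: str) -> str:
    """Undo extension-value escaping: \\= \\\\ and the \\n / \\r newline escapes."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), text)


def split_header(line: str) -> Tuple[List[str], str]:
    """Split the seven pipe-delimited header fields off a CEF line.

    A literal pipe inside a header field is escaped as \\| and a backslash as
    \\\\; the scanner honours both. Returns (fields, extension_text).
    """
    fields: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(line) and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):
            buf.append(line[i + 1])  # escaped character, taken literally
            i += 2
        elif c == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(c)
            i += 1
    if len(fields) < 7:
        raise ValueError("not a CEF line: fewer than 7 header fields")
    return fields, line[i:]


def parse_extension(ext: str) -> Dict[str, str]:
    """Turn the free-form extension into a dict of unescaped key/value pairs."""
    return {m.group("key"): _unescape(m.group("val")) for m in _EXT_RE.finditer(ext)}


def severity_to_int(sev: str) -> int:
    """Accept both the numeric (0-10) and the textual CEF severity forms."""
    s = sev.strip().lower()
    if s in _SEVERITY_WORDS:
        return _SEVERITY_WORDS[s]
    n = int(s)
    if not 0 <= n <= 10:
        raise ValueError(f"severity out of range: {sev}")
    return n


def parse_cef(line: str) -> Dict[str, object]:
    """Parse one line; tolerates a syslog prefix before the CEF: marker."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("missing CEF: marker")
    fields, ext = split_header(line[start:].rstrip("\r\n"))
    version, vendor, product, dev_version, sig_id, name, severity = fields
    return {
        "cef_version": version[len("CEF:"):],
        "vendor": vendor,
        "product": product,
        "device_version": dev_version,
        "signature_id": sig_id,
        "name": name,
        "severity": severity_to_int(severity),
        "extension": parse_extension(ext),
    }


def alerts_from_log(lines, min_severity: int = 7) -> List[Dict[str, object]]:
    """Mini-SIEM step: parse each line, skip non-CEF noise, keep severe events."""
    alerts: List[Dict[str, object]] = []
    for raw in lines:
        try:
            ev = parse_cef(raw)
        except ValueError:
            continue  # banners, blank lines, truncated writes: drop, do not crash
        if ev["severity"] >= min_severity:
            alerts.append({
                "signature_id": ev["signature_id"],
                "name": ev["name"],
                "severity": ev["severity"],
                "src": ev["extension"].get("src"),
                "action": ev["extension"].get("act"),
            })
    return alerts


# Constructed sample log (not real product output): three events plus one junk line.
SAMPLE_LOG = [
    r"CEF:0|ExampleAV|Endpoint|6.2|MALWARE_DETECTED|Malware blocked|8|src=10.0.0.5 suser=jdoe fname=C:\\Users\\jdoe\\inv.exe act=Blocked",
    r"CEF:0|ExampleAV|Endpoint|6.2|SCAN_DONE|Scheduled scan \| finished|Low|src=10.0.0.7 msg=Scan done cs1=a\=b",
    "Jun 17 09:15:02 av01 agent: CEF:0|ExampleAV|Endpoint|6.2|RANSOMWARE|Ransomware behaviour|Very-High|src=10.0.0.9 act=Quarantined",
    "not a cef line at all",
]

if __name__ == "__main__":
    for alert in alerts_from_log(SAMPLE_LOG):
        print(alert)
```

With the default threshold of 7 the run yields two alerts (the malware block and the ransomware quarantine) and silently drops the scan-completed event and the junk line; lowering `min_severity` to 0 keeps every parseable event. Dropping rather than raising on unparseable input is deliberate: a tailed log file routinely contains partial last lines and product banners, and one bad line must not stall the pipeline.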