On Mon, May 7, 2018 at 1:09 AM, Vibin K Madampath wrote:
> Appreciate any help.
>
> Regards,
> Vibin
>
> On 3 May 2018 at 15:13, Vibin K Madampath wrote:
>>
>> Hello Team,
>>
>> OSSEC is not reporting the file content changes through email even though it
>>
On Fri, May 4, 2018 at 7:21 PM, DG wrote:
> Hi,
>
> I am a total newb to ossec so I apologize ahead of time. I have been tasked
> to see if OSSEC can be leveraged to alert on TLS version used for
> connections on a given instance/vm/computer.
>
> So far I know if I have
On Mon, May 7, 2018 at 10:13 PM, dan (ddp) wrote:
> On Mon, May 7, 2018 at 2:57 AM, Александр Канайкин wrote:
>> Hi guys!
>>
>> Is there an ability to configure resolving hostname in alert from syslog
>> device (not an agent)?
>>
>> For example, can:
On Mon, May 7, 2018 at 2:57 AM, Александр Канайкин wrote:
> Hi guys!
>
> Is there an ability to configure resolving hostname in alert from syslog
> device (not an agent)?
>
> For example, can:
>
> Received From: ids->10.10.19.1
>
> look like
>
>
> Received From:
Hello,
If it helps, we use labels (Wazuh) on every agent so that we have the host name
for every log, even if the host name and ip are not in the logs. We have our
own agent that installs the ossec, Nessus and all beats agents and populates
the labels automatically for all of our customers.
Thanks anyway. Still searching for resolution.
On Mon, May 7, 2018, 21:36 David Lang wrote:
> Sorry, I'm replying to a different mailing list than I thought I was (I thought
> I was replying to a message on the rsyslog mailing list)
>
> On Mon, 7 May 2018, David Lang wrote:
>
>
Sorry, I'm replying to a different mailing list than I thought I was (I thought
I was replying to a message on the rsyslog mailing list)
On Mon, 7 May 2018, David Lang wrote:
please log some message using the template RSYSLOG_DebugFormat so that we can
see what variables are in there.
There is not a direct way to call name resolution if you have an IP address in
the content, but you could use a table lookup.
David Lang
Thanks Bill. This makes complete sense. In fact it is something I had
tested (searching through log for a match). I was curious if there is a way
to have OSSEC perform TLS version checks rather than introducing a
script/program that looks for TLS, writes to a log and then have OSSEC
parse
Hello
As we discussed
here: https://groups.google.com/forum/#!topic/wazuh/vdKsdOQX0QE
Sysmon provides the information that you need.
Hope it helps.
Best regards,
Alberto R.
On Wednesday, April 25, 2018 at 7:28:01 PM UTC+2, Aj Navarro wrote:
>
> Hi everybody…
>
>
>
> Can the rootchek
Easiest is to write a local rule using the Match directive. Example:
Found TLS version Lower than V1.2
You can use ossec-logtest to verify the results.
was it helpful?
On Friday, May 4, 2018 at 7:23:08 PM UTC-4, DG wrote:
>
> Hi,
>
> I am a total newb to ossec so I apologize ahead of time. I
Indeed the problem is the compiled rule:
/* Example 4: Checking if a HTTP request is a simple GET/POST without a query
 * This avoids that we call the attack rules for no reason. */
void *is_simple_http_request(Eventinfo *lf)
{
    if (!lf->url) {
        return (NULL);
    }

    /* Simple GET / */
Hello Richard
You could be able to forward this event channel with an XPATH query like this:
USB
eventchannel
But, unfortunately, OSSEC doesn't allow escaping some characters. This is
fixed in this commit:
Hi guys!
Is there an ability to configure resolving hostname in alert from syslog
device (not an agent)?
For example, can:
Received From: ids->10.10.19.1
look like
Received From: ids->asa123
or
Received From: ids->asa123.example.com
Thanks in advance.