Custom OSSEC Integrations
Note: I mistakenly sent this post to only paying subscribers yesterday, but it was supposed to be for all subscribers. I apologize to those of you who are getting this twice.

OSSEC is a popular Host Intrusion Detection System (HIDS). It is very capable out of the box at notifying system administrators of indicators of compromise such as suspiciously changed files and taking action against badly behaving IP addresses that are doing nasty things like credential stuffing. OSSEC doesn’t need a lot of fancy configuring - its basic functions just work after install, and most of the fun comes from configuring it. This article isn’t a deep dive into OSSEC, but it is an overview of one of my favourite features: OSSEC custom integrations.