OSSEC
From http://ossec.github.io/:
OSSEC watches it all, actively monitoring all aspects of system activity with file integrity monitoring, log monitoring, rootcheck, and process monitoring.
Security Onion uses OSSEC as a Host Intrusion Detection System (HIDS). OSSEC monitors and defends Security Onion itself, and you can add OSSEC agents to monitor other hosts on your network as well.
Additionally, you may want to:
For more information about OSSEC, please see:
http://ossec.net
Sometimes, OSSEC may recognize legitimate activity as potentially malicious, and engage in Active Response to block a connection. This may result in unintended consequences and/or blacklisting of trusted IPs.
You can whitelist your IP address and change other settings in /var/ossec/etc/ossec.conf to prevent this from occurring:

```xml
<global>
<white_list>desired_ip</white_list>
</global>
```
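Before restarting OSSEC it is worth confirming that every host you rely on (management workstations, the sensor's own addresses, monitoring boxes) is actually covered by a white_list entry, including the CIDR netblocks OSSEC accepts there. The following is an added example, not code from Security Onion or OSSEC: it pulls the white_list entries out of an ossec.conf text and reports which trusted IPs active response could still block. The configuration and IP addresses are constructed for the example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of the <global> section of /var/ossec/etc/ossec.conf
# (not copied from any real Security Onion installation).
SAMPLE_OSSEC_CONF = """<ossec_config>
  <global>
    <email_notification>no</email_notification>
    <white_list>127.0.0.1</white_list>
    <white_list>10.0.0.0/8</white_list>
    <white_list>192.168.50.12</white_list>
  </global>
</ossec_config>
"""


def parse_white_list(conf_text):
    """Return every <white_list> entry as an ipaddress network object.

    A real ossec.conf often holds several top-level <ossec_config> blocks,
    which is not well-formed XML on its own, so the text is wrapped in a
    synthetic root element before parsing.
    """
    root = ET.fromstring("<root>" + conf_text + "</root>")
    nets = []
    for node in root.iter("white_list"):
        value = (node.text or "").strip()
        if value:
            # Single IPs and CIDR netblocks are both accepted by OSSEC;
            # strict=False tolerates host bits set in a netblock entry.
            nets.append(ipaddress.ip_network(value, strict=False))
    return nets


def is_whitelisted(ip, nets):
    """True if the address falls inside any white_list entry."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def unprotected_hosts(conf_text, trusted_ips):
    """Return the trusted IPs that active response could still block."""
    nets = parse_white_list(conf_text)
    return [ip for ip in trusted_ips if not is_whitelisted(ip, nets)]


if __name__ == "__main__":
    # Constructed list of hosts that must never be blocked by active response.
    trusted = ["10.20.30.40", "192.168.50.12", "192.168.50.13"]
    print("not whitelisted:", unprotected_hosts(SAMPLE_OSSEC_CONF, trusted))
```

To run it against a live sensor, read /var/ossec/etc/ossec.conf into conf_text and pass the addresses of your own hosts as trusted_ips.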
You can add new rules and modify existing rules in /var/ossec/rules/local_rules.xml.
The OSSEC agent is cross-platform, and you can download agents for Windows/Unix/Linux/FreeBSD from the OSSEC website. Once you've installed the OSSEC agent on the host(s) to be monitored, perform the steps defined here:
http://ossec-docs.readthedocs.org/en/latest/manual/agent/agent-management.html#managing-agents
You may need to run so-allow to allow traffic from the IP address of your OSSEC agent(s).
Many individuals require or prefer the ability to automatically deploy OSSEC agents on endpoint machines. Although this is currently untested and unsupported, Auto-OSSEC provides a method for achieving this goal.
For more information, please see: https://github.com/binarydefense/auto-ossec
Download the Windows OSSEC agent here:
https://bintray.com/artifact/download/ossec/ossec-hids/ossec-agent-win32-2.8.3.exe
Download the Linux/Unix agent here:
https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz