SANS ISC

[SANS ISC] Hunting for Suspicious Processes with OSSEC

I published the following diary on isc.sans.edu: “Hunting for Suspicious Processes with OSSEC“:

Here is a quick example of how OSSEC can be helpful to perform threat hunting. OSSEC  is a free security monitoring tool/log management platform which has many features related to detecting malicious activity on a live system like the rootkit detection or syscheck modules. Here is an example of rules that can be deployed to track malicious processes running on a host (it can be seen as an extension of the existing rootkit detection features). What do I mean by malicious processes? Think about crypto miners. They are plenty of suspicious processes that can be extracted from malicious scripts… [Read more]

2 comments

  1. There is also a possibility to implement a search for new binary executed.
    I have some idea on how to do that with OSSEC.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.