If you follow me, you probably already know that I’m a big fan of OSSEC. I would like to thank 44Con for accepting my next training! If you are interested in learning cool stuff about OSSEC and how to integrate it with third-party tools/sources, this one is for you!
OSSEC is sometimes described as a low-cost log management solution, but it has many interesting features that, when combined with external sources of information, may help in hunting for suspicious activity occurring on your servers and endpoints. Its agent-based architecture allows the automation of many tasks performed during incident investigations.
During this training, you will learn the basics of OSSEC and its components, how to deploy it and quickly get results. The second part will focus on the deployment of specific rules to catch suspicious activities. From an input point of view, we will see how easy it is to learn new log formats to increase the detection scope and, from an output point of view, how we can generate alerts by interconnecting OSSEC with other tools like MISP, TheHive, or an ELK Stack / Splunk / … and add more contextual content with OSINT feeds. Finally, we will use the “Active-Response” feature to deploy useful scripts and improve your response capabilities.
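To give an idea of what "learning a new log format" and "deploying specific rules" look like in OSSEC, here is an added example (not part of the original post or of the training material) of a custom decoder and a small rule chain. The application name `myapp`, its log line format (`myapp: user=... src=... result=...`) and the rule ids in the 100100 range are assumptions for illustration; OSSEC reserves ids 100000-119999 for local rules.

```xml
<!-- local_decoder.xml: teach OSSEC a constructed log line such as
     "myapp: user=alice src=203.0.113.5 result=failed" -->
<decoder name="myapp">
  <prematch>^myapp: </prematch>
</decoder>

<decoder name="myapp-login">
  <parent>myapp</parent>
  <regex offset="after_parent">user=(\S+) src=(\d+.\d+.\d+.\d+) result=(\w+)</regex>
  <!-- map the captured groups onto OSSEC's standard fields -->
  <order>user, srcip, extra_data</order>
</decoder>

<!-- local_rules.xml: grouping rule, single failure, then a frequency rule -->
<group name="local,myapp,">
  <!-- level 0: silently groups every myapp event so child rules can match -->
  <rule id="100100" level="0">
    <decoded_as>myapp</decoded_as>
    <description>myapp messages grouped.</description>
  </rule>

  <!-- one failed login: low severity, useful for context only -->
  <rule id="100101" level="5">
    <if_sid>100100</if_sid>
    <extra_data>^failed</extra_data>
    <description>myapp: failed login.</description>
  </rule>

  <!-- five failures from the same source within two minutes: alert and
       mark as authentication_failures so correlation/active-response can use it -->
  <rule id="100102" level="10" frequency="5" timeframe="120">
    <if_matched_sid>100101</if_matched_sid>
    <same_source_ip />
    <description>myapp: multiple failed logins from the same source.</description>
    <group>authentication_failures,</group>
  </rule>
</group>
```

Once the decoder is in place you can check the match offline with `ossec-logtest` (paste the sample line and confirm that `srcip`, `user` and the rule id are populated) before restarting the manager; the level-10 rule is the one you would later bind to an active-response script or forward to MISP/TheHive/ELK as described above.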
The training is scheduled for September 14-15 2021, fully online. No need to travel, to book a hotel room… Just a browser and an SSH client are required to attend the training!
Interested? Book your seat here.