For a while, malwares are in front of the security stage and the situation is unlikely to change in the coming months. When I give presentations about malwares, I always like to report two interesting statistics in my slides. They come from the 2012 Verizon DBIR: In 66% of investigated incidents,
Search Results for: ossec
Keep an Eye on Your Amazon Cloud with OSSEC
The Amazon conference “re:Invent” is taking place in Las Vegas at the moment. For a while, I’m using the Amazon cloud services (EC2) mainly to run lab and research systems. Amongst the multiple announcements they already made during the conference, one of them caught my attention: “CloudTrail“. Everything has already
Review: Instant OSSEC Host-Based Intrusion Detection System
The guys from Packt Publishing asked me to review a new book from their “Instant” collection: “OSSEC Host-Based Intrusion Detection“. This collection proposes books with less than 100 pages about multiple topics. The goal is to go straight forward to the topic. OSSEC being one of my favorite application, I
Improving File Integrity Monitoring with OSSEC
FIM or “File Integrity Monitoring” can be defined as the process of validating the integrity of operating system and applications files with a verification method using a hashing algorythm like MD5 or SHA1 and then comparing the current file state with a baseline. A hash will allow the detection of files content modification but
Attackers Geolocation in OSSEC
If you follow my blog on a regularly basis, you probably already know that I’m a big fan of OSSEC. I’m using it to monitor all my personal systems (servers, labs, websites, etc). Being a day-to-day user, I have always new ideas to extend the product , by using 3rd
Vulnerability Management: OSSEC & Secunia PSI
“Vulnerability Management“… This is an important topic for your corporate security. One of the steps in this process is the monitoring of your applications and operating systems. With hundreds (thousands?) of devices connected to your network, how to keep an eye on the applications and patches installed on all of
Detecting Defaced Websites with OSSEC
In the scope of the OSSEC Week, here is a quick contribution which can greatly help you to monitor suspicious changes on a website. Today, your corporate website is the very first contact you have with your customers, partners, press, etc. It’s your window to the world. Nobody can pretend
Mapping OSSEC Alerts with AfterGlow
This week is the third annual OSSEC week! A good initiative to promote this open source log management solution. This post is my first contribution to the OSSEC community, I hope to publish more posts if I’ve enough time. OSSEC is a excellent tool to collect and analyze the events
Feeding DShield with OSSEC Logs
The primary goal of a log management solution is to receive events from multiple sources, to parse and to make them available for multiple purposes: searching, alerting and reporting. But why not send some interesting events to another log management system or application? Usually, some inputs are added in the
OSSEC Speaks “ArcSight”
Log management… A hot topic! There are plenty of solutions to manage your logs. Like in all IT domains, there are two major categories: free and commercial tools. Both have pro and cons. No big debate here, contrariwise I’ll show you a good example of a mix between both worlds.