A few months ago I blogged about Active Lists in OSSEC. Active lists are common in SIEM environments to store temporary sensitive data like IP addresses, user names or any other relevant information. Once stored in active lists, data can be reused in rules and the security of an infrastructure
Tag: OSSEC
Auditing MySQL DB Integrity with OSSEC
Databases are a core component in lot of applications and websites. Almost everything is stored in databases. Let’s take a standard e-commerce website, we can find in databases a lot of business critical information: about customers (PII), articles, prices, stocks, payment (PCI), orders, logs, sessions, etc. Like any component of
Send Events Safely to the Loggly Cloud
I received my Loggly beta account (thanks to them!) a few days ago and started to test this cloud service more intensively. I won’t explain again what is Loggly, I already posted an article on this service. For me, services like Loggly are the perfect cloud examples with all the
Implementing Active Lists in OSSEC
The second OSSEC week just ended. Here is a reflection about a feature that does not exist (yet?) in OSSEC. The goal of a SIEM (“Security Incidents and Events Management“) is to collect logs from multiple non-heterogeneous sources and process them to add some extra value to the events. To
This Blog is Monitored by OSSEC
As part of the second edition of the OSSEC week, I’d like to give some information about my daily usage of OSSEC. This week is an initiative from Michael Starks of Immutable Security and aim to promote OSSEC to the security community. I’m fully supporting such great initiatives. What about
PaloAlto Firewall Threat Monitoring Using OSSEC
Usually, I don’t speak or even try to give references to commercial security products on my blog. Why? Just because, my philosophy is the following: “First analyze the problems and then choose the right solution(s)“. The proposed solution could be commercial or free, hardware or software based, who cares? If
Splitting OSSEC Events in Splunk
When you decide to implement a new software solution, one of the choices you’ll certainly face is: “Commercial vs. free software”. No debate here: you’ve to make the best choice depending on the requirements. They can be technical constraints, budget, support, etc. I’m working with commercial solutions which perform (generally)
Detecting Fraud with OSSEC
For a while, it looks that “Fraud detection” is a hot-topic for many SIEM vendors (“Security Information and Event Management“). Recent presentations or webcasts I attended had always some time dedicated to “fraud”! The vendors can’t be blamed to find new opportunities to sell their products. Today they are solutions
Detecting USB Storage Usage with OSSEC
Next step in my investigations with OSSEC. The possibilities of OSSEC are awesome and could clearly, in some case, replace a commercial log management solution! After collecting the Secunia vulnerabilities into OSSEC, I switched to the “dark side”: the Microsoft Windows agent. The USB sticks are very popular at users
ISSA Belgium Chapter Meeting: Introduction to OSSEC
Back from the first ISSA Belgium Chapter Meeting of 2010. Today’s topic was “Introduction to OSSEC : Log Analysis and Host Intrusion Detection“. A very interesting topic for me. First because I’m involved in lot of SIEM projects. But especially because Wim Remes, the speaker, is a friend of mine.