Monthly Archives: January 2007
Multiple 577 entries in the eventlog (from Windows)
I was monitoring the Windows logs from a client network and I noticed that a few boxes were constantly generating audit failure 577 events: WinEvtLog: Security: AUDIT_FAILURE(577): Security: xxx: XX-HQ: YY-HQ: Privileged Service Called: Server: Security Primary User Name: abc … Continue reading
Posted in log analysis, ossec, windows
OSSEC Logo/Mascot contest
Can you guess what is missing in the ossec project? If you guessed a mascot (or a logo), you are right. Every open source project has one except ours. How to fill this gap? If you are a good … Continue reading
Posted in contest, mascot
Eight daily steps to a more secure network
Michael Mullins wrote an interesting article with eight daily steps to secure your network. What I really liked is that at least 3 of the 8 steps he mentions involve looking at logs. He mentioned looking at antivirus, security and IDS/firewall … Continue reading
Posted in log analysis
4 Comments
Ossec Performance
A friend of mine recently asked me what the maximum number of logs per second that ossec could handle is, but I didn’t have an answer for him. I heard of a few reports of ossec handling more than 508 … Continue reading
Posted in log analysis, ossec
1 Comment
OSSEC version 1.0 is available
OSSEC version 1.0 is now publicly available. This version comes with numerous new features, including support for: Registry monitoring on Windows; Dynamic/nat’ed IP addresses in the server/agent communication; ASL (Apple system log); Lotus domino; Symantec AV; Windows RAR. A full … Continue reading
Posted in ossec
Security monitoring
Richard Bejtlich posted an excellent entry in his blog (taosecurity) about the difference between alert centric tools and Network Security Monitoring (NSM). He says: Network Security Monitoring (NSM) is different. Generating statistical, session, full content, and alert data gives analysts … Continue reading
Posted in log analysis, NSM, ossec
2 Comments
2006 OSSEC download numbers
As a late Christmas gift to all curious OSSEC users out there, here is some information about the number of downloads in 2006 (note that I only included major released versions). I am very pleased to see that we went … Continue reading
Posted in ossec
OSWUI (web ui) screenshots
As requested, I am attaching a few screenshots of our web ui. I will also post a link to a demo site later… Below is an explanation of each picture (click on them to expand). Main page. Show the agent … Continue reading
Windows registry monitoring (syscheckd)
I just completed adding support for monitoring the Windows registry on ossec. It seems to be fairly stable right now and hopefully a beta version will be available soon (lots of tests will be required). The configuration will have the … Continue reading
OSSEC Web UI beta 2 available
The second beta version of oswui (ossec web ui) is available. It has numerous bug fixes (for all issues reported so far) and new features, including support for php5 and major design improvements made by Rafael Capovilla. Download it from … Continue reading
Posted in ossec, ossec-ui
31 Comments