OSSEC + Snort Active Response

Rodrigo Montoro wrote a very interesting paper on how to execute custom active responses using Snort CSV output and OSSEC. It also shows how to write custom rules and decoders… Good read!

This paper won’t teach you to install or configure Snort or OSSEC HIDS; my goal
here is to teach you to use Snort CSV output and build rules in OSSEC for active response.
OSSEC must be installed with active-response enabled…

English version: http://www.brc.com.br/artigos/ossec-snort-activeresponse_english.pdf
Portuguese version: http://www.brc.com.br/artigos/ossec-snort-activeresponse_pt-BR.pdf


One Response to OSSEC + Snort Active Response

  1. David Velasquez says:

    The document is a 404 Not Found!
