Category Archives: snort

OSSEC + Snort Active Response

Rodrigo Montoro wrote a very interesting paper on how to execute custom active responses using Snort CSV output and OSSEC. It also shows how to write custom rules and decoders… Good read! This paper won’t teach you to install or … Continue reading

Posted in ossec, snort | 1 Comment

Correlating multiple snort IDS with ossec

I was asked recently what the best way is to correlate multiple snort events with OSSEC. The idea would be to generate an OSSEC alert (by e-mail and possibly an active response) if a specific number of snort rules are … Continue reading

Posted in log analysis, ossec, snort | Leave a comment