Created a page on the NOC reputation checker to track the JNDI (log4j) exploits that are going around.
DNS Database repository available - search for any IPs and domains.
We are always expanding and improving the CleanBrowsing anycast network. More POPs launched.
On some personal news, I just got the 1st degree on my BJJ blackbelt.
Decentralize the web again. We are giving too much control and power to a few players.
New Mastodon instance - noc.social - available for anyone to use.
Presenting at OSSECcon2019, about the story and the beginning of OSSEC.
WordPress Performance Optimization Guide for the Sucuri Blog
As promised, I didn't let the momentum die off. Releasing today v2016-04 with multiple improvements to our log engine and rootcheck.
One more release to keep the momentum going. Included the last work with the different_* option in the rules, along with MaxMind by default and new rules.
I guess I didn’t keep my promise to push my OSSEC changes into the open source world as often as I would have wanted. But at least I made up for it with some nice new features.
Linux Sudo: The most misused security tool ever - NOPASSWD: ALL
The S in HTTPS does not equal a secure site - a lot more is needed to have a secure site.
Indicators of Compromised Behavior (IOCd-B) using log analysis.
Always assume the worst - that someone might be watching what you do online.
How to get started and contribute to an open source project.
Using your phone and SMS as a 2FA - Why that might not be a good idea.
Sucuri CloudProxy WAF - Not your traditional WAF.
I am seeing many scans for the PHP-CGI vulnerability in the wild and put up a quick OSSEC rule to detect/block those.
Very few people pay attention to database logging, and in this article we will explain how to enable logging for PostgreSQL and MySQL.
Setting up OSSEC - A step by step guide on how to install and configure OSSEC.
An easy way to monitor the integrity of your DNS is by checking remotely that the A/AAAA records have not been changed.
Detecting outdated open source (web) applications with OSSEC: WordPress, Joomla, etc.
Improved reporting for file changes on OSSEC to display the files and locations.
Running multiple OSSEC decoders on the same event to extract additional information from the logs.
Blocking repeated offenders with OSSEC by increasing the block timeout every time.
What is a good password? Let's explore common knowledge of what is a bad and a good password.
Automatically creating and setting up the agent keys for authd on OSSEC
I just got this award daemon via the mail today from the OSSEC community.
How to contribute to OSSEC and any other open source project.
We are very happy to announce the availability of OSSEC version 2.5.
We are very happy to announce the availability of OSSEC version 2.4.
If you want to create OSSEC alerts when a log or the output of a command changes, take a look at the new check_diff option.
I am happy to announce the arrival of the newest member of the OSSEC team: Priscila!
We are very happy to announce the availability of OSSEC version 2.3.
How to monitor processes and their output with OSSEC
Q&A: OSSEC, the open source host-based intrusion detection system with Daniel Cid
How to compile the OSSEC Windows agent from a Linux system using Mingw.
We are very happy to announce the availability of OSSEC version 2.0.
I was glad to read that Richard Bejtlich considered the OSSEC book one of his best reads of 2008.
We just added support to allow you to send OSSEC alerts to a remote syslog server.
OSSEC project acquired by Third Brigade
We are very happy to announce the availability of OSSEC version 1.5
Ugliest application logs ever. Can we have a winner?
OSSEC book is out and ready for pre-order.
Syslog - Last message repeated X times. One of the least useful features on syslog daemons.
OSSEC helping at Defcon's 'Own the Box' competition.
Bruce Schneier on log analysis - did you know he is a fan of logging?
OSSEC will be switching to the GPLv3 in the next release.
Hidden ports on Linux - used but not showing on netstat
Remote log injection paper - attacking log analysis tools just released.
During the month of May I went to AusCERT and Confidence to talk about OSSEC (i.e. Log analysis using OSSEC).
Daily/Chained checksum of ossec alerts for log integrity.
Performance testing results for OSSEC v1.1 - expanded.
I am happy to announce the arrival of the newest member of the OSSEC team: Davi!
Security monitoring and log analysis to complement your other intrusion detection tools.
2006 OSSEC download numbers from version 0.5 to 0.9.3
Logging authentication events from Cisco IOS routers
In this paper, we will investigate log analysis techniques and their use for intrusion detection.
Username and password analysis of SSH brute force scans and attacks.