OSSEC presentation at Ottsec

Last month I did a presentation about OSSEC for the Ottawa security group.

I showed some custom rules that I have been using for a while (to monitor MSN usage, internal http user agents, etc).

The core of the presentation starts at slide 11, if you want to skip through the definitions of HIDS, OSSEC, etc.

Link: https://dcid.me/ossec-docs/ossec-ottsec.pdf

Posted in ossec presentation by Daniel Cid (dcid)

Daniel Cid Research

In this section you will find some of my research, project and articles. Look around and if you have any questions, reach out.

My companies

If you want to check out my current companies:

* CleanBrowsing
* Trunc
* NOC.org

And my other projects.

Latest articles

Latest articles from my blog.

2021-12-16
log4j honeypot logs - jndi exploit

2021-11-14
DNS Database repository available

2021-10-11
CleanBrowsing Anycast Network is Growing

2021-06-11
1st degree BJJ blackbelt

2020-09-02
Decentralize the web - again

2020-06-11
Mastodon Instance - noc.social

2019-03-20
OSSEC conference - 2019 - The untold story of OSSEC

2017-01-19
WordPress Performance Optimization Guide

2016-04-07
OSSEC v2016-04: Improving detection

2016-02-03
OSSEC v2016-02: New rules options + GeoIP by default

2015-12-30
OSSEC v2015-12: GeoIP + Integratord

2015-02-02
Sudo: The most misused security tool ever

2014-10-26
The S in HTTPS does not equal to a secure site

2014-10-09
Indicators of Compromised Behavior (IOCd-B)

2013-06-20
Always assume the worst

2013-05-12
How to get start contributing to an open source project

2013-04-19
Using your phone SMS as 2FA

2013-03-16
Sucuri WAF - Not your traditional WAF

2012-05-09
OSSEC rule for the PHP-CGI vulnerability

2012-05-08
Database Logging (PostgreSQL and MySQL)

2012-04-21
Setting up OSSEC - Step by step guide

2011-10-25
3WoO: Alerting on DNS (IP Address) changes

2011-09-21
Detecting outdated (web) applications with OSSEC

2011-05-26
Improved reporting for file changes on OSSEC

2011-04-05
Running multiple OSSEC decoders on the same event

2011-02-11
Blocking repeated offenders with OSSEC

2011-02-01
What is a good password?

2011-01-19
Automatically creating and setting up the agent keys for OSSEC

2010-10-20
OSSEC Award daemon

2010-10-19
How to contribute to OSSEC

2010-09-27
OSSEC v2.5 released

2010-04-01
OSSEC v2.4 released

2010-03-11
OSSEC Alerting when a log or output of a command changes

2010-02-09
New member of the OSSEC team: Priscila Cid

2009-12-07
OSSEC v2.3 released

2009-11-05
Process monitoring with OSSEC

2009-08-21
Q&A: OSSEC interview with Daniel Cid

2009-06-12
Compiling the Windows Agent from a Linux system

2009-02-27
OSSEC v2.0 released

2009-01-02
OSSEC book as Best Book Bejtlich Read in 2008

2008-07-25
Sending OSSEC alerts via syslog

2008-06-17
Third Brigade acquires OSSEC

2008-05-01
OSSEC v1.5 released

2008-01-24
Ugliest application logs ever

2008-01-23
OSSEC book is out

2007-12-18
Syslog - Last message repeated X times (rant)

2007-09-05
OSSEC at the 'Own the Box' competition

2007-08-20
Bruce Schneier on log analysis

2007-07-12
OSSEC switching to GPLv3

2007-06-29
Hidden ports on Linux

2007-06-06
Remote log injection paper

2007-06-02
OSSEC Presentations at AusCERT/Confidence

2007-05-01
Daily/Chained checksum of OSSEC alerts

2007-04-10
OSSEC performance testing (v2)

2007-03-18
New member of the OSSEC team: Davi Cid

2007-01-10
Security monitoring with your Logs

2007-01-09
2006 OSSEC download numbers

2006-11-13
Logging authentication events from Cisco IOS

2006-05-02
Log analysis for intrusion detection

2006-03-20
Analysis of SSH brute force attacks

Contact us!

Do you have an idea for an article that is not here? See something wrong? Contact us at realpeople@noc.org

Tired of price gouging

Clear pricing. No need to guess. Real people. Real logging.