Questions tagged [ossec]

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

OSSEC is a full platform to monitor and control your systems. It combines all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM in a simple, powerful and open source solution.

Visit our website for the latest information: ossec.github.io

44 questions
0
votes
2 answers

WAZUH/OSSEC - overwriting rules doesn't seem to work

I'm trying to overwrite a rule as per documentation, like this https://documentation.wazuh.com/3.12/learning-wazuh/replace-stock-rule.html So I've copied one rule to local_rules.xml, created my own group (prior to that also tried to put it within…
Istvan Prosinger
0
votes
1 answer

Is there some way to run ossec win32ui in powershell

I want to run the ossec Windows Agent service (ossec win32ui.exe) automatically by PowerShell, like the ossec-control in the ossec Linux agent. Is there some way that can achieve this goal? The result after I run win32ui.exe in PowerShell In fact, in this…
0
votes
0 answers

Installing OSSEC agent on a container. The ossec install script (install.sh) falls and loops infinitely when passing arguments via script

Basically I am going to have a whole bunch of ubuntu containers that are going to have ossec agent installed that will communicate with a main server. I want to automate the installation so using the docker RUN variable in the dockerfile I wrote a…
TecGuy94
0
votes
0 answers

Run shell script with file lines as user input for shell script through ansible playbook

I have a shell script which requires 4 user inputs for its execution. I had 4 files which had lines used for the shell script input. I want to run that shell script on my Ansible host through the Ansible controller. Is it possible to do that?
Ashjoker
0
votes
1 answer

Change ossec(wazuh) agent profiles via saltstack

I'm trying to modify the section of an ossec.conf file, including a grains content. Something like: ossec-profiles: - profile1 - profile2 and I want to modify the section from centos,…
0
votes
1 answer

OSSEC_HIDS Kubernetes Deployment

Which would be the best HIDS (HostBase Intrusion Detection System) to deploy on Kubernetes Google Cloud Platform? I want to build a Docker image on debian:stable-slim. So I have been testing the ossec-docker and wazuh-docker; here are repos…
D. Naik
0
votes
1 answer

OSSEC server or wazuh server to Logstash to Qradar pipeline

In my present lab setup I have a few Windows machines and Linux machines with the ossec agent installed and sending logs to the ossec server. From the OSSEC server I am forwarding the logs via syslog output to Logstash. In Logstash I am not doing any…
iamvishnuks
0
votes
0 answers

Logs issue of OSSEC installed on virtual machine of ubuntu linux in Azure

I installed OSSEC on a virtual machine (node) of Ubuntu Linux in Azure by following https://blog.rapid7.com/2017/06/30/how-to-install-and-configure-ossec-on-ubuntu-linux/ OSSEC got installed and is running properly, but when I tried to act as an intruder, logs…
0
votes
1 answer

Directories for Ossec FIM

I am new to Ossec, and have recently installed it on a server for the company I am currently working for. This server monitors 80 Windows 7 agent machines. The main purpose for setting up Ossec on these agent machines was so we could deploy file…
0
votes
3 answers

NGINX logs in WAZUH

I am using NGINX in my setup, and wazuh for IDS. I want to check all nginx logs (access/error) in wazuh kibana, but I am unable to do so. All the logs are forwarded to "/var/ossec/logs/archives/archives.log", and they are not visible in…
Sulaiman
0
votes
1 answer

Intrusion Detection System OSSEC

I configured the OSSEC by following the procedure from this site: https://blog.rapid7.com/2017/06/30/how-to-install-and-configure-ossec-on-ubuntu-linux/ But after configuration, when I tried /var/ossec/bin/ossec-control restart I got ossec-monitord…
0
votes
1 answer

WAZUH All Commands monitor

How to monitor each and every command executed by user, even in sudo level. I have configured audit rules and they are appearing in audit.logs, but I want to view each command timely from server to Kibana/wazuh manager.
Sulaiman
-1
votes
1 answer

Having difficulties to connect the OSSEC server with OSSEC agent using private instance in ubuntu 18.04

I have installed the OSSEC server in a public instance and the OSSEC agent in a private instance on AWS in the same VPC. I have successfully installed the OSSEC server and agent, but can't connect the server with the agent. I was referring below…