OSSEC can be used to monitor a wide range of network devices. Switches, firewalls, and routers can be monitored for successful or failed logins, with alerts when a port goes down or a VLAN changes, and with reports of any errors on the device. This can be accomplished via syslog data sent from the device (if supported) or through an SSH tunnel to the device in an agentless configuration. In this article, I will discuss the different methods which can be used to monitor network devices and cover some basics on Wazuh HIDS agentless configuration. […]
OSSEC is used for file integrity monitoring by thousands of companies. In this tutorial I will show you how to set up Windows group policies, create custom decoders for security events, and apply rules for when an event occurs.
- A Manager with Wazuh HIDS v1.1
- Windows Agent (in this example, I will be using Windows Server 2012 R2)
- Test Lab (optional)
Step 1: Create a test user on your Windows agent
Tools → Computer Management → Local Users and Groups → Users
I created Jtest (short for Joe test user) and then added […]