About Joe

So far Joe has created 2 blog entries.

Monitoring Network Devices with OSSEC HIDS

OSSEC can be used to monitor a wide range of network devices. Switches, firewalls, and routers can be monitored for successful or failed logins, with alerts raised if a port is down or a VLAN has changed, and reports of any errors on the device. This can be accomplished via syslog data sent from the device (if supported) or through an SSH tunnel to the device in an agentless configuration. In this article, I will discuss the different methods that can be used to monitor network devices and cover some basics of Wazuh HIDS agentless configuration. […]

May 17th, 2016

File Integrity Monitoring and Windows security policies

OSSEC is used for file integrity monitoring by thousands of companies. In this tutorial I will show you how to set up Windows group policies, create custom decoders for security events, and apply rules for when an event occurs.

Prerequisites

  • A Manager with Wazuh HIDS v1.1
  • Windows Agent (in this example, I will be using Windows Server 2012 R2)
  • Test Lab (optional)

Step 1: Create a test user on your Windows agent

Tools → Computer Management → Local Users and Groups → Users

I created Jtest (short for Joe test user) and then added […]

May 3rd, 2016