-
> AgentSmith-HIDS is positioned as a lightweight, high-performance intelligence collection tool. First, it can detect NIDS blind spots such as reverse shells, execution of suspicious commands, downloading of malicious programs, some rootkits, and so on. Second, it can be linked with NIDS/CMDB to achieve: PID+PPID+nodename+cmdline+cwd+user+exe+TCP/UDP 5-tuple+raw data of some protocols+business-related information+FW_RULE+NIDS/HIDS rule I…
-
/var/ossec/ruleset/rules
/var/ossec/ruleset/decoders
/var/etc/ossec-init.conf
-
You can refer to the following project:
https://github.com/slackhq/go-audit
Applying a patch is prone to causing system instability; isn't the system's native auditd more stable? go-auditd can also obtain the above information via netlink.
-
Hey it would be great if someone can help me out,
I'm having issues with the kibana app. it says elastic search template is not found.
Also I'm having trouble registering wazuh agents to the manager…
ghost updated
5 years ago
-
> https://github.com/DianrongSecurity/AgentSmith-HIDS/blob/master/doc/AgentSmith-HIDS%20Hook%20Design%20BencheMark(Netlink).md
Since what is hooked are system calls, and wrk is a web benchmark tool, I personally feel it cannot properly reflect the actual impact on the system.
In our testing here, audit, because…
-
**Describe the bug**
I was checking if https://github.com/zephyrproject-rtos/zephyr/pull/14938 could fix the issue "BLE HID sample fails to reconnect on Windows 10 tablets - Wrong Sequence Number (…
-
Currently, I use **ossec-authd** to register a new agent and **manage_agents** to remove an agent. I am facing an issue where the agent ID keeps growing (even after some agents have been removed from ossec se…
-
Email alert doesn't show the changes, but alert.log works.
Email alert
> OSSEC HIDS Notification.
> 2018 Nov 12 16:01:49
> Received From: (nagios-server185) xxxxxxx->syscheck
> Rule: 550 …
-
I'll give a description of what I'm working on first:
I am intercepting the calls Overwatch makes, and redirecting them to SSE. There is a list of colors that makes up the effect. I am assuming ind…
arxae updated
5 years ago
-
Check [CONTRIBUTING guideline](https://github.com/fluent/fluentd/blob/master/CONTRIBUTING.md) first and here is the list to help us investigate the problem.
- fluentd or td-agent version.
2.5
-…