Security-Onion-Solutions / security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
https://securityonion.net

OSSEC: add decoders/rules for sysmon #707

Closed dougburks closed 5 years ago

dougburks commented 9 years ago

https://github.com/defensivedepth/Sysmon_OSSEC

dougburks commented 7 years ago

Newer versions of OSSEC may already include Sysmon decoders: https://github.com/ossec/ossec-hids/releases

dougburks commented 5 years ago

Wazuh already includes Sysmon decoders, so this will happen automatically as part of #708

dougburks commented 5 years ago

Submitted for testing: https://groups.google.com/d/topic/security-onion-testing/kfn9Yb3n0xw/discussion

dougburks commented 5 years ago

Published: https://blog.securityonion.net/2018/10/wazuh-361-elastic-641-and-associated.html