hello！I want to konw which files are used to generate alerts in AIT-LDSv1.1

ait-aecid / aecid-alert-aggregation

A method for grouping, clustering, and merging semi-structured alerts

GNU General Public License v3.0

16 stars 4 forks source link

hello！I want to konw which files are used to generate alerts in AIT-LDSv1.1 #1

Open int-man opened 1 year ago

int-man commented 1 year ago

hello！I want to konw which files are used to generate alerts in AIT-LDSv1.1

landauermax commented 1 year ago

Hi! We tried to include as many files as possible; it should be the following list of files:

/apache2/-access.log
/apache2/-error.log
/audit/audit.log
/exim4/mainlog
/suricata/eve.json
/suricata/fast.log
/auth.log
/daemon.log
/syslog'

But not all of them reported alerts when running AMiner and Wazuh/OSSEC on them. If you look at the location field in the alerts generated by Wazuh/OSSEC, you can actually see the name of the input log file. Hope this helps!