bammv / sguil

Sguil client for NSM
GNU General Public License v3.0

Add user field/column #22

Open theflakes opened 8 years ago

theflakes commented 8 years ago

I'm using Sguil in SecurityOnion and am sending a lot of OSSEC alerts to it. I would like to suggest adding a DB user field and column in the interface. This could be used to create auto cats for certain users identified in OSSEC alerts and also for tracking user history with OSSEC alerts.

Adding the ability to extract the user to the agent that sends the alerts to Sguil is something I can add along with providing the OSSEC decoders.