OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
I'm testing OSSEC as our IDPS solution. I chose the one-server-multiple-agents configuration, as the agents will be installed on instances within an autoscaling group. I've managed to make everything work; however, the Slack integration doesn't seem to work on the agents:
These are the configurations I've tried with little success:
With this on the server I'll get the alerts for server-related logs only, and adding this directly to the agent will trigger empty alerts on Slack.
This does not work at all, and the same with
The closest I got was empty alerts on Slack sent from the agent's ossec-slack.sh script, but to my understanding it doesn't make sense, as the alert should be sent from the server and not from the agent itself.
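For reference, the following is an added example of the ossec.conf active-response wiring for the ossec-slack.sh script mentioned above, run on the manager rather than on the agents; it is not taken from the post (the poster's own configurations are not shown). Everything beyond the `<command>`/`<active-response>` element names is an assumption: the `ossec-slack` command name, the alert level of 7, and the placeholder webhook URL and channel that the script expects to be edited into its `SITE`, `CHANNEL` and `SLACKUSER` variables.

```xml
<!-- Added example: server-side (manager) ossec.conf fragment, not the poster's config.
     The <command> block declares the script; the <active-response> block binds it to
     alerts. <location>server</location> makes the manager execute the script for alerts
     raised from any agent's forwarded logs, so it runs where the alert log exists.
     Alert level 7 is an assumed threshold; adjust to your own noise tolerance. -->
<ossec_config>
  <command>
    <name>ossec-slack</name>
    <executable>ossec-slack.sh</executable>
    <expect></expect>
    <timeout_allowed>no</timeout_allowed>
  </command>

  <active-response>
    <command>ossec-slack</command>
    <!-- "server": run on the manager; "local" would dispatch the script to the originating agent -->
    <location>server</location>
    <level>7</level>
  </active-response>
</ossec_config>

<!-- The webhook itself lives in the script, not in ossec.conf. Placeholder values to set
     in /var/ossec/active-response/bin/ossec-slack.sh on the manager (constructed, not real):
       SLACKUSER="ossec"
       CHANNEL="#ossec-alerts"
       SITE="https://hooks.slack.com/services/PLACEHOLDER/PLACEHOLDER/PLACEHOLDER"
     Keep that file readable only by the ossec user, since the hook URL is a bearer secret. -->
```

After editing the fragment in, restart the manager and confirm the script fires on a test alert by checking /var/ossec/logs/active-responses.log on the manager; an entry there, with the alert text in the Slack message, is the check that the response ran server-side.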