No, I am not dead. Nor did I leave the project to do something else. I just took a few weeks off to rest (yes, even open source developers take vacation from time to time). Thanks for caring anyway 🙂
We are back now 100%.
The Open Source Security (OSSEC) Blog
Rodrigo Montoro wrote a very interesting paper on how to execute custom active responses using Snort CSV output and OSSEC. It also shows how to write custom rules and decoders… Good read!
This paper won’t teach you to install or configure snort or OSSEC HIDS, my goal
here is to teach you to use snort csv output and build rules at OSSEC for active response.
Ossec must be installed with active-response enabled…
English version: http://www.brc.com.br/artigos/ossec-snort-activeresponse_english.pdf
Portuguese version: http://www.brc.com