{"id":210,"date":"2007-11-21T22:24:27","date_gmt":"2007-11-21T22:24:27","guid":{"rendered":"https:\/\/defragged.org\/ossec\/?p=210"},"modified":"2020-07-02T22:25:04","modified_gmt":"2020-07-02T22:25:04","slug":"ossec-snort-active-response","status":"publish","type":"post","link":"https:\/\/defragged.org\/ossec\/2007\/11\/ossec-snort-active-response\/","title":{"rendered":"OSSEC + Snort Active Response"},"content":{"rendered":"\n<p><a href=\"http:\/\/spookerlabs.multiply.com\/\">Rodrigo Montoro<\/a>&nbsp;wrote a very&nbsp;<a href=\"http:\/\/spookerlabs.multiply.com\/journal\/item\/121\/Artigo_-_Criando_um_IDS_com_resposta_ativa_Snort_OSSEC\">interesting paper<\/a>&nbsp;on how to execute custom active responses using Snort CSV output and OSSEC. It also shows how to write custom rules and decoders\u2026 Good read!<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>This paper won\u2019t teach you to install or configure snort or OSSEC HIDS, my goal<br>here is to teach you to use snort csv output and build rules at OSSEC for active response.<br>Ossec must be installed with active-response enabled\u2026<\/p><\/blockquote>\n\n\n\n<p>English version:&nbsp;<a href=\"http:\/\/www.brc.com.br\/artigos\/ossec-snort-activeresponse_english.pdf\">http:\/\/www.brc.com.br\/artigos\/ossec-snort-activeresponse_english.pdf<\/a><br>Portuguese version:&nbsp;<a href=\"http:\/\/www.brc.com.br\/artigos\/ossec-snort-activeresponse_pt-BR.pdf\">http:\/\/www.brc.com.br\/artigos\/ossec-snort-activeresponse_pt-BR.pdf<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Rodrigo Montoro&nbsp;wrote a very&nbsp;interesting paper&nbsp;on how to execute custom active responses using Snort CSV output and OSSEC. It also shows how to write custom rules and decoders\u2026 Good read! \nThis paper won\u2019t teach you to install or configure snort or OSSEC HIDS, my goal here is to teach you to use snort csv output and build rules [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[7,5],"tags":[],"_links":{"self":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/210"}],"collection":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/comments?post=210"}],"version-history":[{"count":1,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/210\/revisions"}],"predecessor-version":[{"id":211,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/210\/revisions\/211"}],"wp:attachment":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/media?parent=210"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/categories?post=210"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/tags?post=210"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}