{"id":244,"date":"2007-07-26T22:39:00","date_gmt":"2007-07-26T22:39:00","guid":{"rendered":"https:\/\/defragged.org\/ossec\/?p=244"},"modified":"2020-07-02T23:03:02","modified_gmt":"2020-07-02T23:03:02","slug":"windows-policy-monitoring","status":"publish","type":"post","link":"https:\/\/defragged.org\/ossec\/2007\/07\/windows-policy-monitoring\/","title":{"rendered":"Windows policy monitoring"},"content":{"rendered":"\n<p><a href=\"http:\/\/www.ossec.net\/\">OSSEC<\/a>&nbsp;v1.3 will come with support for Windows policy monitoring, allowing you to verify that all your systems conform to a set of policies regarding configuration settings, application usage, etc. The policies are configured centrally on the OSSEC server and pushed down to all your agents.<\/p>\n\n\n\n<p>With the Windows policy monitoring, you can get alerts like the following (detecting Skype and Yahoo):<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>2007 Jul 22 17:42:57 Rule Id: 514 level: 2<br>Location: (winhome) 192.168.2.190-&gt;rootcheck<br>Windows application monitor event.<\/p><p><strong>Application Found: Chat\/IM \u2013 Yahoo.<\/strong><\/p><p>2007 Jul 22 17:42:57 Rule Id: 514 level: 2<br>Location: (winhome) 192.168.2.190-&gt;rootcheck<br>Windows application monitor event.<\/p><p><strong>Application Found: Chat\/IM\/VoIP \u2013 Skype.<\/strong><\/p><\/blockquote>\n\n\n\n<p>And compliance alerts like the following:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>2007 Jul 23 13:44:54 Rule Id: 512 level: 3<br>Location: (winhome) 192.168.2.190-&gt;rootcheck<br>Windows Audit event.<\/p><p><strong>Windows Audit: Null sessions allowed.<\/strong><\/p><p>2007 Jul 23 13:44:54 Rule Id: 512 level: 3<br>Location: (winhome) 192.168.2.190-&gt;rootcheck<br>Windows Audit event.<\/p><p><strong>Windows Audit: LM authentication allowed (weak passwords).<\/strong><\/p><\/blockquote>\n\n\n\n<p>Interested?&nbsp;<a href=\"http:\/\/www.ossec.net\/wiki\/index.php\/Know_How:WindowsPolicy\">Read more about how it works here<\/a>. You can also try our&nbsp;<a href=\"http:\/\/www.ossec.net\/wiki\/index.php\/Dev:BetaTesting\">beta version to help us improve it<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>OSSEC&nbsp;v1.3 will come with support for Windows policy monitoring, allowing you to verify that all your systems conform to a set of policies regarding configuration settings, application usage, etc. The policies are configured centrally on the OSSEC server and pushed down to all your agents. With the Windows policy monitoring, you can get alerts like the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[11],"_links":{"self":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/244"}],"collection":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/comments?post=244"}],"version-history":[{"count":1,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/244\/revisions"}],"predecessor-version":[{"id":245,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/244\/revisions\/245"}],"wp:attachment":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/media?parent=244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/categories?post=244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/tags?post=244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}