Wazuh 3.6.1 #708

Closed
dougburks opened this Issue Mar 27, 2015 · 9 comments

dougburks commented Mar 27, 2015

Need the new OSSEC agent to parse EventChannel logs properly (for sysmon).

@dougburks dougburks changed the title from Update OSSEC to OSSEC 2.9 Jun 21, 2015

adigiuseppe commented Apr 29, 2016

Hi Doug,

First off, huge thanks for a great NSM distro.

Is this standard OSSEC 2.9 or the Wazuh fork of OSSEC? If it's the plain old OSSEC, I'd suggest you check out what the Wazuh HIDS folks are doing to enhance OSSEC.

P.S. I have "upgraded" the Security 14.0.4.1 OSSEC in-place to the Wazuh fork of OSSEC 2.9 and it works correctly with ELSA, etc. I simply followed the steps here to install on top of the SO OSSEC: Installing Wazuh HIDS.

dougburks commented Apr 29, 2016

Hi adigiuseppe,

This hasn't been implemented yet since OSSEC 2.9 hasn't been released. Once it is released, I'll take a look at standard OSSEC vs Wazuh.

adigiuseppe commented Apr 29, 2016

OK, I ask because Wazuh is forked off the OSSEC 2.9 code branch already; they also contribute back to the upstream OSSEC project, I believe.

dougburks commented Jul 7, 2017

Notes for packaging:

I think the default limit is the same as it was in 2.9.0 (2048 I believe).
It is supposed to be changeable with `make MAXAGENTS=NUMBER` or
probably `MAXAGENTS=NUMBER ./install.sh`

https://groups.google.com/d/topic/ossec-list/xiVOGEBqTVg/discussion

dougburks commented Aug 14, 2017

Another note for packaging:

ossec-server.conf should have local_rules.xml after securityonion_rules.xml to allow users to override defaults:
https://groups.google.com/d/topic/security-onion/m_pD9HidK_o/discussion
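Added illustration of the two packaging points raised in this thread (the Sysmon EventChannel requirement in the opening post and the rule include order above); it is not taken from the issue or from Security Onion's own configuration files. Rule 5715 and its parent 5700 are the stock upstream OSSEC sshd rules; the file list under `<rules>` is an assumed minimal set.

```xml
<!-- Added illustration; not from the issue or Security Onion's packaging. -->

<!-- 1) Windows agent ossec.conf: read Sysmon events through EventChannel
        (the "parse EventChannel logs properly (for sysmon)" requirement). -->
<ossec_config>
  <localfile>
    <location>Microsoft-Windows-Sysmon/Operational</location>
    <log_format>eventchannel</log_format>
  </localfile>
</ossec_config>

<!-- 2) Manager ossec-server.conf: a rule marked overwrite="yes" replaces an
        EARLIER rule with the same id, so local_rules.xml must be included
        after securityonion_rules.xml for user overrides to take effect.
        (Assumed minimal include list.) -->
<ossec_config>
  <rules>
    <include>rules_config.xml</include>
    <include>sshd_rules.xml</include>
    <include>securityonion_rules.xml</include>
    <include>local_rules.xml</include>  <!-- user overrides go last -->
  </rules>
</ossec_config>

<!-- 3) local_rules.xml: override of stock rule 5715 (sshd auth success).
        overwrite replaces the whole rule, so its match conditions are
        restated; here the level is raised from 3 to 8 so successful
        logins are surfaced as alerts. -->
<group name="local,syslog,sshd,">
  <rule id="5715" level="8" overwrite="yes">
    <if_sid>5700</if_sid>
    <match>^Accepted|authenticated.$</match>
    <description>SSHD authentication success (level raised locally).</description>
    <group>authentication_success,</group>
  </rule>
</group>
```

If local_rules.xml were included before the file defining the packaged rule, the override would be loaded first and the packaged definition would collide with it instead of being replaced.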

nicknomo commented Sep 2, 2017

I'd really like to see Wazuh in security onion. It already is integrated with the ELK stack, and it seems like you are headed there anyway. I'd love to see this in a future release of security onion.

dougburks commented Sep 22, 2018

@dougburks dougburks closed this Oct 1, 2018
