Comments (3)
jrossi
commented on July 19, 2024
This is something we need to get more help on. Maybe some docs on how to manage the files and update them so we can get more people helping out.
from ossec-hids.
mstarks01
commented on July 19, 2024
I can probably help with this. I have contributed to the CIS benchmark so I have some experience in this area. I can't make any promises on time frame, though.
I have often pondered what the scope of rootcheck and even syscheck should be within OSSEC. It's possible to detect all kinds of malware, but then again all kinds of malware is constantly being released. At what point do you say "that's the AV scanner's job" or should we try to detect as much as we can simply due to the fact that AV detection rates are already generally poor?
from ossec-hids.
jrossi
commented on July 19, 2024
I think this is a vital question and something we should talk about on the mailing list. So the discussion in a more public manor. Let's move this to ossec-list
Sent from my iPhone
On Feb 16, 2014, at 10:08 AM, "mstarks01" [email protected] wrote:
I can probably help with this. I have contributed to the CIS benchmark so I have some experience in this area. I can't make any promises on time frame, though.
I have often pondered what the scope of rootcheck and even syscheck should be within OSSEC. It's possible to detect all kinds of malware, but then again all kinds of malware is constantly being released. At what point do you say "that's the AV scanner's job" or should we try to detect as much as we can simply due to the fact that AV detection rates are already generally poor?
—
Reply to this email directly or view it on GitHub.
from ossec-hids.
Related Issues (20)
- OSSEC Version migration HOT 2
- Issues with File Integrity Monitoring (Syscheck) HOT 4
- Some vulnerabilities are not fixed since 2020 HOT 4
- It does not work in `Amazon Linux 2023` HOT 6
- Better error message for "ossec-testrule: currently_rule not set!" HOT 4
- Custom Rules HOT 1
- Null
- syscheck HOT 1
- incorect layout for debian bookworm and bullseye repos HOT 3
- ERROR: SSL read (unable to receive message) OSSEC HOT 1
- sslv3 alert handshake failure
- Missing repo data for Ubuntu Jammy HOT 1
- /var/ossec/etc/ossec.conf and Ansible community.general.xml
- [HELP]
- Problem with decoders HOT 1
- ossec-analysisd leaks memory.
- Journald read in 1001 seconds bursts HOT 8
- Link doesn't exists
- Missing security policy. Cannot report security bugs and vulnerabilities. HOT 5
- Support for ossec in AmazonLinux2023 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ossec-hids.