Description:
This is the video of the OSSEC HIDS presentation given at FOSDEM.
OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows.
You can download it from here.Expect an overview of the basic architecture as well as practical examples of how to customize OSSEC to manage logging from your infrastructure and applications. Log management, Intrusion detection/prevention and event correlation is a challenge we have been facing for decades. Most of us have been able to ignore it but with developments in regulatory compliance (PCI-DSS, HIPAA, SOX, ISO27K, ...) companies are required to investigate solutions. In this talk we will firstly touch upon the problems that will be faced during such a project and how log management will look in the future (new standards are on their way). After this boring introduction to the magical world that is log management and intrusion detection we will delve into the solution that is presented with OSSEC. While labeled as a Host-based Intrusion Detection System (HIDS), OSSEC provides you with a complete arsenal of functionalities that allow you to build a log management solution which will translate the most cryptic log message into a clear and actionable alert. Expect an overview of the basic architecture as well as practical examples of how to customize OSSEC to manage logging from your infrastructure and applications.
Thanks go out to n0b0d4 (n0b0d4 [] yahoo.cn) for referring this video to us.
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Comments: