Log_Analysis_using_OSSEC.pdf
Uploaded 2022-01-02 22:15:14
Preview (46 pages)
Copyright 2007 Daniel B. Cid
Agenda
● Defining LIDS (Log-Based IDS)
● OSSEC Overview
● Installation demo
● Log decoding and analysis with OSSEC
● Writing decoders
● Writing rules
● Examples of rules and alerts in the real world
Concepts
● OSSEC does “security log analysis”
  ➔ It is not a log management tool
  ➔ It only stores alerts, not every single log
  ➔ I still recommend log management and long-term storage of ALL logs
● Security log analysis can be called LID(S)
  ➔ Log-based Intrusion Detection System
  ➔ We could even call it OSSEC LIDS, since some users only use the log analysis side of OSSEC
Defining LIDS
● Log-Based Intrusion Detection
Log analysis for intrusion detection is the process, or set of techniques, used to detect attacks on a specific environment using logs as the primary source of information.
LIDS is also used to detect computer misuse, policy violations and other forms of inappropriate activity.
LIDS benefits
● Cheap to implement
  ➔ OSSEC is free, for example
  ➔ Does not require expensive hardware
● High visibility into encrypted protocols
  ➔ SSHD and SSL traffic are good examples
● Visibility of system activity (kernel, internal daemons, ...)
● Every application/system can be a part of it
  ➔ They all have some kind of log!
  ➔ Including firewalls, routers, web servers, applications, etc.