Blog Archives

OSSEC Community Symposium, July 12-13 2012

Please join me at the first OSSEC Symposium, sponsored by Trend Micro. This is a forum for the OSSEC community to come together and discuss all things OSSEC. We’ll not only talk about what makes OSSEC so effective, but what

Posted in Intrusion Detection, Log Analysis, Log Management

First Impressions with ELSA: Bye-bye Grep

When I first read about ELSA, I knew it was going to be a game changer. From the very beginning, this log collection and analysis application had addressed many of the problems plaguing adoption of open source log front-ends in the

Posted in Log Analysis, Log Management

Waging War in the Digital Age

What are the ethical ramifications of waging war via computer? Does war even have to be declared? Where are the boundaries in the virtual world? What happens when machines begin to think for themselves? These are the questions I explore

Posted in Computer Crime, Ethics

When Disclosure Can Kill

What should one do when discovering a vulnerability in a medical device? What if, by disclosing the vulnerability, you could put someone’s life at risk? These are the questions I explore in an article I wrote for the most recent

Posted in Dialogue

3WoO Day 7.1: The OSSEC-O-Lantern

Halloween is a special time of year. It’s that one day where we confuse our children by telling them to not only take candy from strangers, but to go out and beg for it while dressed in an overpriced polyester

Posted in Log Analysis

3WoO Day 7: Wrapping It Up

Well, despite my best efforts, the day 7 post is going to be a bit delayed. But I think you’ll like it. So, stay tuned.

Posted in Dialogue

3WoO Day 6: Learning From Malware Part II–The Rules

Yesterday, I blogged about some annoying malware. The point was to learn some of the techniques that this general class of malware uses, so we could write some OSSEC rules to detect it. If you haven’t already read that post,

Posted in Dialogue, Log Analysis

3WoO Day 4: Learning From Malware

When most people receive an email with a malicious attachment, they do one of two things: either they delete it, knowing that it is malicious, or they get fooled into executing the attachment, which ruins their day. Then there is

Posted in Log Analysis

3WoO Day 4: Five Tips & Tricks for OSSEC Ninjas!

Are you an OSSEC ninja? Do you dress in orange and red and laugh maniacally at all of the frustrated attackers who have tried to take you down? Do you take medication for that condition? Ok, well, best of luck to

Posted in Log Analysis

3WoO Day 3: Leveraging Community Intelligence

The future of successful HIDS will not rely solely upon research from a small group of people. There are simply far too many things to look for to be an expert in all areas. Attacks involve changes to the file

Posted in Log Analysis