Blog Archives

Changes with OSSEC

After many years, I have decided to step down from the OSSEC core team. It was not a decision I made lightly, but due to some recent changes in the project, I felt I would be more useful as a

Tagged with:
Posted in Intrusion Detection

With Your Finger on the Trigger…

It was a pretty ordinary day. I think I was doing a review of our firewall ruleset–a decidedly monotonous but necessary task. Then in came an alert that McAfee had deleted a file on one of our workstations. That doesn’t

Posted in Incident Response, Intrusion Detection

OSSEC CON 2013 Materials Available

My and my esteemed colleagues’ presentations from OSSEC CON 2013 are now available. The conference summary can be found here and my presentation can be found here. It was great meeting everyone and we had some great discussions surrounding how to

Tagged with: ,
Posted in Intrusion Detection, Log Analysis, Log Management

OSSEC CON 2013

Please join me at the second annual OSSEC conference, OSSEC CON 2013. I have the pleasure of joining Scott Shin, CTO of AtomicCorp, and Santiago Gonzalez, Director of Professional Services at AlienVault, in presenting. Time is running out to register, so make sure

Tagged with:
Posted in Intrusion Detection, Log Analysis

The Future of OSSEC

It has been awhile since the last release of OSSEC and some users wonder if the project is really still active. Well, I am here to tell you that not only is it active, but it has been the most

Tagged with:
Posted in Intrusion Detection, Log Analysis

OSSEC Community Symposium, July 12-13 2012

Please join me at the first OSSEC Symposium, sponsored by Trend Micro. This is a forum for the OSSEC community to come together and discuss all things OSSEC. We’ll not only talk about what makes OSSEC so effective, but what

Tagged with:
Posted in Intrusion Detection, Log Analysis, Log Management

Third Annual Week of OSSEC

It’s almost that time of year again. October is National Cybersecurity Awareness Month. It’s also the third year that we have the opportunity to come together as a community to share some great OSSEC info. This year we have designated

Tagged with:
Posted in Intrusion Detection, Log Analysis

The Immutable Friday Fav Five for September 23, 2011

Here are the five or more links that I found interesting for this week: This is just all kinds of awesome. It’s not that I am with the bad guys, but when they get this creative you have to give

Tagged with: ,
Posted in Computer Crime, Intrusion Detection, Log Analysis, Secure Design, Vulnerabilities

The Immutable Friday Fav Five for September 16, 2011

Here are the five or more links that I found interesting for this week: Dave Hoelzer from SANS provides some very useful “AuditCasts.” These are short, instructional videos on various topics. This week, Dave talked about the benefits of split

Tagged with:
Posted in Dialogue, Intrusion Detection, Log Analysis, Risk Management, Secure Design

The Immutable Friday Fav Five for September 9, 2011

Here are the five links that I found interesting for this week: The Shadowserver foundation is comprised of a group of volunteer security professionals who gather information about Internet-based crime. One of the more interesting projects is a compilation of

Tagged with: ,
Posted in Computer Crime, Dialogue, Incident Response, Intrusion Detection, Log Analysis, Research, Secure Administration, Secure Design, Standards, Systems Hardening