OSSEC is fully open source and free. You can tailor OSSEC to your security needs through its extensive configuration options, adding custom alert rules and writing scripts that take action when alerts occur. OSSEC uses decoders to extract useful information from logs, and it ships with decoders for a large number of systems. However, custom systems may generate logs in a format for which no default decoder exists, so OSSEC lets you write your own decoders and define rules that specify how those logs shall be handled.
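The following is an added example, not part of the original scenario text: a custom decoder and a pair of local rules for a hypothetical application whose log lines look like `myapp: login failed from 203.0.113.7 user=alice` (the application name, the log format, the sample values and the rule IDs are all constructed for illustration). The decoder goes in `/var/ossec/etc/local_decoder.xml` and the rules in `/var/ossec/rules/local_rules.xml`; IDs 100000-109999 are the range OSSEC reserves for local rules.

```xml
<!-- local_decoder.xml: parent decoder matches the fixed "myapp: " prefix
     so the child only has to parse the remainder of the line. -->
<decoder name="myapp">
  <prematch>^myapp: </prematch>
</decoder>

<!-- Child decoder for login events. Captured groups are mapped, in order,
     to the OSSEC fields named in <order>: status, srcip, user. -->
<decoder name="myapp-login">
  <parent>myapp</parent>
  <prematch offset="after_parent">^login </prematch>
  <regex offset="after_prematch">^(\w+) from (\S+) user=(\S+)</regex>
  <order>status, srcip, user</order>
</decoder>

<!-- local_rules.xml: alert on a single failed login (level 5), then
     escalate (level 10) when 5 failures arrive from the same source IP
     within 60 seconds, which is the pattern of a password-guessing attempt. -->
<group name="myapp,authentication_failed,">
  <rule id="100100" level="5">
    <decoded_as>myapp</decoded_as>
    <status>failed</status>
    <description>myapp: failed login.</description>
  </rule>

  <rule id="100101" level="10" frequency="5" timeframe="60">
    <if_matched_sid>100100</if_matched_sid>
    <same_source_ip />
    <description>myapp: multiple failed logins from the same source IP.</description>
  </rule>
</group>
```

To check the decoder and rules before deploying them, pipe a sample line into `/var/ossec/bin/ossec-logtest`; it prints the decoder that matched, the extracted fields (status, srcip, user) and the rule ID and level that fired, so you can confirm the regex captures what you expect before any alerts are generated in production.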
In this scenario, you shall learn the following:
- A brief overview of analysing logs
- How OSSEC generates alerts
- Testing logs using OSSEC's inbuilt logtest tool
- Writing custom decoders
- Defining custom rules
- Testing custom decoders and rules
- OSSEC and PCI compliance
- Time: 180 minutes
- Cost: 10000 crystals