Find a copy online
Links to this item
Find a copy in the library
Finding libraries that hold this item...
|Additional Physical Format:||Print version:
OSSEC host-based intrusion detection guide.
Burlington, Mass. : Syngress Pub., c2008
|Material Type:||Document, Internet resource|
|Document Type:||Internet Resource, Computer File|
|All Authors / Contributors:||
Andrew Hay; Daniel Cid; Rory Bray
|Description:||1 online resource (xxvii, 307 p.) : ill.|
|Contents:||Chapter 1: Introduction This chapter will introduce you to the OSSEC project, its history, and its goals. --
Chapter 2: Getting Started With OSSEC This chapter provides an overview of the features of OSSEC including commonly used terminology, pre-install preparation, and deployment considerations. --
Chapter 3: Installation This chapter walks through the installation process for the "local" and "server" install types, including the Windows and Unix agent, and techniques to automate multiple agents installations. --
Chapter 4: Configuration This chapter discusses the post-install configuration of OSSEC. Within this chapter you learn how to monitor log files, remote messages, email notification, alerting levels, etc. --
Chapter 5: Working With Log Analysis --
Decoders This chapter shows you how to extract key information from logs using decoders. --
Chapter 6: Working With Log Analysis --
Rule Files This chapter discusses how you can leverage rules for various devices and how to write your own rules. It will include examples on how to parse atomic and composite rules, how to keep state between messages, remove false positives and tune it appropriately. --
Chapter 7: Configuring System Integrity Check This chapter explains the system integrity check features of OSSEC including monitoring of the binary executable files, system configuration files, and even the Windows registry. --
Chapter 8: Rootkit Detection This chapter explains the rootkit detection capabilities of OSSEC on Unix and its configuration. --
Chapter 9: Policy Enforcement This chapter explains the policy enforcement capabilities of OSSEC, explaining how to perform host-based system auditing and application monitoring. --
Chapter 10: Active Response Configuration This chapter explains how to configure the active response actions you want to configure as well as how to bind the actions to specific rules or events. --
Chapter 11: Integration and Advanced Configuration This chapter explains previously undocumented features, advanced configuration topics, and integration with third-party products. --
Chapter 12: Using the Web interface This chapter explains how to install and use the community developed, open source web interface, that is available for OSSEC. --
Appendix A: The Importance of Log Analysis.
|Responsibility:||Andrew Hay, Daniel Cid, Rory Bray.|
WorldCat User Reviews (1)
If you use OSSEC, you need to read this book!
OSSEC is an incredible open source tool. It parses system and application logs, generates security alerts, and increases the visibility you have on your network. As the only book dedicated to OSSEC, this is the definitive guide. Even though it was written for an slightly outdated version of OSSEC,...
- Was this review helpful to you?