Instant OSSEC Host-based Intrusion Detection by Brad Lhotsky

Configuring the alerts (Simple)

The biggest failure of security software is the volume of unactionable alerts. Silencing alerts and investigating false positives robs an organization of valuable hours that it could otherwise use to enhance its security posture. OSSEC provides its users with options to fine-tune alerting so that it does not become the boy who cried "Wolf!".

Getting ready

Armed with knowledge of how to write rules, we could simply adjust the alerting level of every rule individually. This would be tedious, unless we used a generic catchall; however, a catchall would destroy the granularity and precision of OSSEC's analysis. It is better to combine the two approaches: keep the per-rule granularity and use a global threshold to bring e-mail alerting down to a reasonable volume.
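The combination described above, as an added configuration example that is not from the book: a global e-mail threshold in `ossec.conf` paired with a per-rule override in `local_rules.xml`. The rule id `5503` and the chosen levels are example values to substitute for your own.

```xml
<!-- ossec.conf: global thresholds. Everything at level 1 and above is
     written to alerts.log, but only level 10 and above is e-mailed. -->
<ossec_config>
  <alerts>
    <log_alert_level>1</log_alert_level>
    <email_alert_level>10</email_alert_level>
  </alerts>
</ossec_config>

<!-- local_rules.xml: keep granularity by overriding individual rules.
     overwrite="yes" replaces the stock rule's level without editing the
     shipped ruleset, so upgrades do not undo the tuning. -->
<group name="local,syslog,">
  <!-- Example: a noisy authentication-failure rule lowered below the
       e-mail threshold. It is still logged and still feeds correlation
       rules that count repeated failures. -->
  <rule id="5503" level="5" overwrite="yes">
    <description>User login failed (logged, not e-mailed).</description>
  </rule>

  <!-- Example: a low-level rule we always want to hear about. The
       alert_by_email option forces e-mail regardless of the threshold. -->
  <rule id="100200" level="3">
    <if_sid>5503</if_sid>
    <user>root</user>
    <options>alert_by_email</options>
    <description>Failed root login (e-mailed despite low level).</description>
  </rule>
</group>
```

After changing either file, restart OSSEC and confirm with `ossec-logtest` that a sample log line matches the intended rule and level before relying on the new thresholds.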

Every rule must set a level. ...