Manual

• Getting started with OSSEC
  • Key Benefits
  • Key Features
• OSSEC Architecture
  • Manager
  • Agents
  • Agentless
  • Virtualization/VMware
  • Firewalls, switches and routers
  • Internal Architecture
  • Support
• Supported Systems
  • Operating Systems
  • Devices supported via Syslog
  • Devices and Operating Systems via Agentless
• Installation
  • OSSEC HIDS Manager/Agent Installation
  • OSSEC HIDS agentless Installation
  • OSSEC HIDS Binary installation
  • OSSEC Updates
  • External installation documents
• Syscheck
  • Why Integrity checking?
  • Quick facts
  • Realtime options
  • Configuration options
  • Configuration Examples
  • Real time Monitoring
  • Report Changes
  • Syscheck: FAQ
• Rootcheck Manual
  • Rootcheck
  • Understanding the Unix policy auditing on OSSEC
• Agents
  • Working with Agents
  • Agent systems behind NAT or with dynamic IPs (DHCP)
  • Centralized agent configuration
  • Agentless Monitoring
  • Writing Agentless Scripts
• Log monitoring/analysis
  • What is log analysis?
  • Quick Facts
  • Configuration Options
  • Monitoring logs
• Rules and Decoders
  • Testing OSSEC rules/decoders
  • CDB List lookups from within Rules
  • Create Custom decoder and rules
  • Directory path loading of rules and decoders
  • Rules Classification
  • Rules Group
• Output and Alert options
  • Sending alerts via syslog
  • Sending alerts via E-Mail
  • Sending output to a Database
  • Sending output to prelude
  • Sending alerts to picviz
• Active Response
  • Creating Customized Active Responses
  • UNIX: Active Response Configuration
  • Windows: Active Response Configuration