Log-based intrusion detection using OSSEC presented at AUScert 2007

by Daniel Cid

Summary: This presentation will provide a highly technical overview of how to implement security log analysis (log-based intrusion detection) using the open source tool OSSEC. We will explain the inner workings of OSSEC and how to extract, analyze and correlate logs from multiple sources, including web servers, authentication devices and proxies.
Examples of how to write decoders and rules will be provided, along with tips on how to extend OSSEC for your own needs.