Automating Incident Response Using OSSEC

Contributed by Boyd Aaron Sigmon

Exposing services to the Internet inadvertently invites attackers to constantly probe systems for ways into a network. In the world of intrusion detection, these probes can raise alarms and require valuable manpower to block offenders and verify that the attackers haven't been successful. The purpose of this paper is to show how to automate the incident response process of blocking some of the most common attacks by using the active response feature in OSSEC, a free, open-source tool.
