running processes without a binary on disk

[bill evergreen]

Hello list,

does Ossec alert if there are processes running without a binary on disk?

Thank's a lot for any feedback

Bill

[dan (ddp)]

I don't think there's any rules for this.

> Bill
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAAmYSevq1oU75KESvCPQAA6BVq%2BhRfd_DJLx%2Bryvy_atfDO4%3Dw%40mail.gmail.com.

[Phil Schilling]

> On Nov 13, 2019, at 6:17 AM, dan (ddp) <ddp...@gmail.com> wrote:
>
> On Thu, Nov 7, 2019 at 11:16 AM bill evergreen <bill.ev...@gmail.com> wrote:
>>
>> Hello list,
>>
>> does Ossec alert if there are processes running without a binary on disk?
>>
>> Thank's a lot for any feedback
>>
>
> I don't think there's any rules for this.
>
>> Bill
>>

I believe you can use Osquery for this. You can integrate Osquery with Wazuh.

Phil

>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAAmYSevq1oU75KESvCPQAA6BVq%2BhRfd_DJLx%2Bryvy_atfDO4%3Dw%40mail.gmail.com.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.

> To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAMyQvMqqRs_Bk9LEKbRdGdpkZRQnEHdZ_t8UCPNOCidjWcmwyw%40mail.gmail.com.