On Wed, Jun 17, 2020 at 9:15 AM sensato cybersecurity <in...@sensato.co> wrote:
>
> Would someone know if the following is possible?
>
> I have a product by the name of BitDefender which can produce a log - the log is in CEF format I believe. That log contains alerts that are raised by various endpoints being monitored by BitDefender.
>
> Is there a way I could deploy an OSSEC agent on the BitDefender server and read in the log it produces and send that information as alerts to the OSSEC server?
>
I don't know much about BitDefender, so it's hard to say. OSSEC can
install on most Windows and Linux systems. If it's a blackbox
appliance it would be a lot harder. Looking at their site there are a
lot of products. Which one are you using specifically?
Is the log file an actual file or does it log to a database or something?
> The log being produced by BitDefender is usually sent to a SIEM, so basically I am trying to get the OSSEC agent to act as a mini-SIEM - reading custom logs.