Slack

[Sabbo]

Is anyone using slack integrated with SO? If so i would be interested in your usage and any detail on integration, we use slack for a lot but currently not SO.

[Wes Lambert]

Sabbo,

What would you be looking to achieve with this integration?

Thanks,
Wes

On May 24, 2016 1:40 PM, "Sabbo" <cr...@advancedcybersecurity.co.uk> wrote:

Is anyone using slack integrated with SO? If so i would be interested in your usage and any detail on integration, we use slack for a lot but currently not SO.

--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.

[Kevin Branch]

I have read that OSSEC, which is included in SO, is capable to Slack integration:

https://blog.sucuri.net/2016/01/server-security-integrating-ossec-with-slack-and-pagerduty.html

Kevin

[Sabbo]

well I login to see IDS alerts and IDS events very frequently so any info in slack would be amazing when im out and about.

[Sabbo]

I dont use OSSEC

[Kevin Branch]

I've not heard of anyone doing that yet, but I bet it wouldn't be too bad to set up.  You could install logstash on your SO sensor and have it feed off of "Alert Received" lines in  /var/log/nsm/securityonion/sguild.log.  Then you could use the slack output plugin for logstash (https://github.com/cyli/logstash-output-slack) to send events to Slack.  

Kevin

On Wed, May 25, 2016 at 6:31 AM, Sabbo <cr...@advancedcybersecurity.co.uk> wrote:

I dont use OSSEC