SO monitor Windows Active Directory?


Carlton Whitmore

Sep 7, 2014, 6:41:20 PM
to securit...@googlegroups.com
Can Security Onion be set up to monitor Active Directory changes, failed logins, group changes and Windows share access?

Doug Burks

Sep 7, 2014, 7:50:25 PM
to securit...@googlegroups.com
Hi Carlton,

Yes, Security Onion includes an OSSEC server that can monitor OSSEC
agents installed on your Active Directory Domain Controllers and
report on the kinds of things you're looking for. In addition, OSSEC
agents also perform file integrity checking and rootkit detection.

On Sun, Sep 7, 2014 at 6:41 PM, Carlton Whitmore <cwhit...@gmail.com> wrote:
> Can Security Onion be set up to monitor Active Directory changes, failed logins, group changes and Windows share access?



--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

Carlton Whitmore

Sep 7, 2014, 9:28:37 PM
to securit...@googlegroups.com
Doug,
I work for a non-profit so we don't have a lot of funds for IT, but have security requirements. Thanks for providing a great security tool.
I'm new to SO and OSSEC. I'm assuming OSSEC server can be installed on same server as standalone SO?
Also, do I download Windows agent directly from www.ossec.net? Do you have docs on setup?
Thanks,
Carlton.

Doug Burks

Sep 8, 2014, 3:57:07 PM
to securit...@googlegroups.com
Replies inline.


On Sun, Sep 7, 2014 at 9:28 PM, Carlton Whitmore <cwhit...@gmail.com> wrote:
> Doug,
> I work for a non-profit so we don't have a lot of funds for IT, but have security requirements. Thanks for providing a great security tool.
> I'm new to SO and OSSEC. I'm assuming OSSEC server can be installed on same server as standalone SO?

You don't need to manually install the OSSEC server. It's automatically installed and enabled by Security Onion itself.

> Also, do I download Windows agent directly from www.ossec.net? Do you have docs on setup?

Yes, Windows agent and documentation are available at www.ossec.net.

> Thanks,
> Carlton.
