| Speakers | |
|---|---|
|
Wim Remes |
| Schedule | |
| Day | Saturday |
| Room | Chavanne |
| Start time | 16:00 |
| End time | 16:45 |
| Duration | 00:45 |
| Info | |
| Event type | Podium |
| Track | Security |
| Language | English |
| Media | |
| Video (DIVX) | |
Expect an overview of the basic architecture as well as practical examples of how to customize OSSEC to manage logging from your infrastructure and applications.
Log management, Intrusion detection/prevention and event correlation is a challenge we have been facing for decades. Most of us have been able to ignore it but with developments in regulatory compliance (PCI-DSS, HIPAA, SOX, ISO27K, ...) companies are required to investigate solutions. In this talk we will firstly touch upon the problems that will be faced during such a project and how log management will look in the future (new standards are on their way). After this boring introduction to the magical world that is log management and intrusion detection we will delve into the solution that is presented with OSSEC. While labeled as a Host-based Intrusion Detection System (HIDS), OSSEC provides you with a complete arsenal of functionalities that allow you to build a log management solution which will translate the most cryptic log message into a clear and actionable alert. Expect an overview of the basic architecture as well as practical examples of how to customize OSSEC to manage logging from your infrastructure and applications.