[This is my first video tutorial. Please go easy on me:) Let's count how many times I say, 'OSSIM' or 'OSSEC'.] This is a very basic video tutorial that will demonstrate how you can add OSSEC agents to OSSIM.
To follow along you will need a few boxes / VMs running the following:
- OSSIM 4.4
- CentOS (Tutorial v 6.4)
- Windows [Any] (Tutorial v. Server 2008)

Repositories: wget wget rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm wget -q -O - sh

On a side note, you may not end up with an active connection between your agent and OSSIM. Check your network settings / firewall rules. If you are still hitting a wall, feel free to contact me.

Supplemental Instructions.
December 18, 2013 This is a very basic tutorial on how to install both Linux-based and Windows-based OSSEC agents and have those agents communicate with OSSIM. This DOES NOT include active response.
I will discuss active response and walk you through the OSSEC configuration with active response in a later video. Please be gentle; this is my first video tutorial. If you have any suggestions on how I can improve my tutorials, please send them my way. Any help would be much appreciated.
[Looking for a good tool for screen recording.] The following information is to be supplemented with the video:
1. Connect to your OSSIM box and "Jailbreak this Appliance" to get a shell.
2. Add agents (/var/ossec/bin/manage_agents)
3. Connect to your Linux (CentOS) box and add the necessary repositories (epel, remi, atomic): wget wget rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm wget -q -O - sh
4. Install the OSSEC Agent: yum install ossec-hids-client
5. Configure OSSEC agent (/var/ossec/bin/ossec-configure)
6. Add the server IP to the conf file (/var/ossec/etc/ossec.conf)
7. Import the agent key. [Extract the key from OSSIM] [Import the key into the agent]
8. Start OSSEC (/var/ossec/bin): ./ossec-control start
9. On your Windows box.
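A quick check to run on the Linux agent after steps 6 and 7 and before starting OSSEC in step 8, useful when the agent never shows as connected. This is an added example, not part of the original tutorial; the function names are hypothetical, and it assumes the stock `<server-ip>` element in ossec.conf and the one-entry-per-line `ID NAME IP KEY` layout of client.keys.

```shell
#!/bin/sh
# Added example: verify the agent points at the OSSIM server and holds one imported key.

# Print the first <server-ip> value found in an agent ossec.conf.
server_ip_from_conf() {
    sed -n 's:.*<server-ip>[[:space:]]*\([^<[:space:]]*\)[[:space:]]*</server-ip>.*:\1:p' "$1" | head -n 1
}

# Return 0 if the keys file holds exactly one well-formed entry.
# Each client.keys line is: ID NAME IP KEY
keys_file_ok() {
    [ -s "$1" ] || return 1
    awk 'NF { n++; if (NF != 4 || $1 !~ /^[0-9]+$/) bad = 1 }
         END { exit (n == 1 && !bad) ? 0 : 1 }' "$1"
}

# check_agent_enrollment CONF KEYS EXPECTED_SERVER_IP
# Prints one line per problem; returns 0 only when every check passes.
check_agent_enrollment() {
    cae_conf=$1; cae_keys=$2; cae_want=$3; cae_rc=0
    cae_got=$(server_ip_from_conf "$cae_conf")
    if [ "$cae_got" != "$cae_want" ]; then
        echo "FAIL: <server-ip> is '${cae_got:-unset}', expected '$cae_want'"
        cae_rc=1
    fi
    if ! keys_file_ok "$cae_keys"; then
        echo "FAIL: $cae_keys is missing, empty, or not a single 'ID NAME IP KEY' entry"
        cae_rc=1
    fi
    # The key authenticates this agent to the server, so it must not be world-readable.
    if [ -e "$cae_keys" ] && [ -n "$(find "$cae_keys" -perm -004 2>/dev/null)" ]; then
        echo "FAIL: $cae_keys is world-readable"
        cae_rc=1
    fi
    [ "$cae_rc" -eq 0 ] && echo "OK: agent points at $cae_want and has one imported key"
    return "$cae_rc"
}

# Usage: sh check.sh /var/ossec/etc/ossec.conf /var/ossec/etc/client.keys <OSSIM IP>
if [ "$#" -eq 3 ]; then check_agent_enrollment "$@"; fi
```

If every check passes and the agent still does not connect, the firewall path between agent and OSSIM is the next thing to look at; OSSEC agents talk to the server over UDP port 1514 by default.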