Santiago Bassett
110 followers
Question about Log management:

I want to deploy a log management solution for my PCI DSS servers. In my case it is an OSSEC manager, which would be receiving logs from OSSEC agents deployed on the servers. For the purposes of the question I guess we can also assume it is a Syslog server (although it is not the same).

Does PCI DSS require deploying it in the same subnet (VLAN) as my PCI DSS server environment? Can it be deployed in a different subnet (e.g. my production subnet)? What are the implications of doing this?

Thank you!

How to monitor running processes with OSSEC
In this post I am going to explain the steps to use OSSEC agents to monitor system processes, and alert when an important one is not running. This method should work both for Windows and Unix-like operating systems. In my lab I've deployed the agen...

Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014
Cornerstones of Trust 2014: http://cornerstonesoftrust.com. Presenters: Jaime Blasco (@jaimeblascob) and Santiago Bassett (@santiagobassett). Thank you Jaime. Threat Intelligence has become increasingly important as the number and severity of threats is ...

OSSECCON 2014 - Malware Detection with OSSEC
Happy to share my presentation from the OSSEC CON, which took place on September 16th in Cork, Ireland. Here you can find a brief explanation on different malware collection and analysis techniques, as well as a good example of how to use some IOCs to creat...

Updated OSSEC debian packages
Just published new versions ossec-hids_2.8-2 and ossec-hids-agent_2.8-2 for the different Debian distributions. Those can be found here: http://ossec.alienvault.com/repos/apt/debian/pool/main/o/ Here are the changelogs: ossec-hids (2.8-2) stable; urgency=...

Files to create OSSEC HIDS Debian packages
Just published on GitHub the files I used to create the OSSEC-HIDS version 2.8 Debian packages, the ones included both on the ossec.net website and in the AlienVault repository. https://github.com/santiago-bassett/ossec-debian You can find these packages at: http:/...

Scripts to inject sample data to AlienVault / OSSIM SIEM
I just published a few scripts I wrote to inject sample data into AlienVault or OSSIM (Open Source version) Unified SIEM. Those can be found on GitHub: https://github.com/santiago-bassett/Alienvault-Demo_scripts The scripts are ready to emulate Syslog data co...

Setting up an APT repository with Reprepro and Apache
This post can be considered a continuation of my previous ones: "How to create a Debian package" and "Debian packaging with Pbuilder". Following the next steps we will set up a signed Debian repository, using Reprepro and Apache2. 1.- Installing the tools root@server:~#...

Debian packaging with Pbuilder
This post explains how to create chroot environments, for different Debian distributions and system architectures, to build Debian packages. It also includes a description of the package signing process, so those can later be uploaded to reprepro, an apt-g...

How to create a Debian package
I have actually found really useful documentation on the Internet (see the references section below) that explains the package creation process in great detail. Nevertheless, I thought it could make sense for me to put together a simplified tutorial, using a sim...