Channel: Madhuka
Browsing all 213 articles

HIDS Agentless in AlienVault USM

It provides the SSH authentication to the host you want to access. For Cisco devices (PIX, routers, etc), you need to provide an additional parameter for the enable password. The same thing applies if...

How access log work with OSSIM

The access log moves to the sensor / data source and is then mapped to an event ID by considering the rules in OSSIM. Data sources can be found in “ossim ->configuration –> threat_intelligence –>...

OSSEC Decoder

Each application has its own log record format, e.g.:
web.madhuka.lk 123.231.120.128 - - [27/Dec/2015:03:44:16 +0530] "POST /lksearch.php HTTP/1.1" 200 35765 "http://madhuka.lk/""Mozilla/5.0 (Windows...

Grep quotes in Linux

Count the lines where the word has been matched:
$ grep -c 'word' /path/to/file
Pass the -n option to precede each line of output with the number of the line in the text file:
$ grep -n 'root' /etc/passwd
Ignore word...

Uncomplicated Firewall

The Linux kernel in Ubuntu provides a packet filtering system called netfilter, and the traditional interface for manipulating netfilter is the iptables suite of commands. The Uncomplicated Firewall...

DiskPart in window (Fdisk in windows 8)

Unfortunately, Windows does not support Fdisk anymore, but there is another good command-line tool to solve this problem. DiskPart in Windows is useful for formatting unallocated space on a USB pen. 1. Enter...

Sending Brute force attack

A brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and...

OSSEC Rule Testing

Introduction
In OSSEC, the rules are classified in multiple levels from the lowest (00) to the maximum level 16. Some levels are not used right now; the level details are explained below.
00 - Ignored
01 –...

Creating New Rule set for OSSEC Server

Here I am using a well-known decoder in OSSEC; if you need a new OSSEC decoder, you can also write a new decoder [1]. Add a new file to the rules directory in OSSEC. Creating a new OSSEC rule set:
$ vi...

Connecting to OSSEC rule from OSSIM

Prerequisite: test the new OSSEC log with ‘ossec-logtest’. Here is the custom-created rule. This rule mainly looks for URLs containing the word ‘payment’:
<rule id="31181" level="6">...

Adding More user data field for Event

We need to have extra user data fields on our security event. We need to know the time the event occurred and the host server IP. Editing the particular event in ‘/etc/ossim/agent/plugins/ossec-single-line.cfg’. We can...

Triggering action or email over the event occurrence in OSSIM

This article explains how to trigger an action when an event occurs in OSSIM. There is an agent in the system with the IP 192.168.80.22. An email is to be sent to server admins whenever this agent...

Syscheck in OSSEC

If you’re familiar with SIEM tools or OSSEC, then you know syscheck. Syscheck is the integrity checking daemon within OSSEC. Its purpose is simple: identify and report on changes within the system...

Cleaning OSSIM Alarms

When working on an AlienVault IDS system or OSSIM, you can come across a huge number of alarms created during system migrations. Use the ossim-db command:
>  ossim-db
Use the alienvault database:
>...

WSO2 ESB with JavaScript Object Notation

There are a few things that make my work with WSO2 ESB enjoyable, as it provides support for JavaScript Object Notation (JSON) payloads in messages. It is not a very new feature; it is an old feature. It...

Handling simple denormalized data from Talend

Data integration is the combination of technical and business processes used to combine data from disparate sources into meaningful and valuable information. Today some systems may store data in a...

Handling BigDecimal in Talend

This post is a very basic one, since Talend is all about data integration. Finding a BigDecimal [1] in such a data set is very common.
BigDecimal vs. Doubles
A BigDecimal is an exact way of representing numbers....

Enterprise Data integration Directions

Enterprise Data Integration is a broad term used in the integration landscape to connect multiple enterprise applications and hardware systems within an organization. All these enterprise data...

Lifecycle of a Book in WSO2 Greg

Lifecycle Management (LCM) plays a major role in SOA Governance. WSO2 Governance Registry Lifecycle Management supports access control at multiple levels in the lifecycle state.
1. Permissions
1.1 Check...

JAVA8 Stream API and New Class Optional

This post gives some basics on the Java Stream API, which was added in Java 8. It works very well in conjunction with lambda expressions. A pipeline of stream operations can manipulate data by performing...
