Splunk Add-on for OSSEC: Is there a way with OSSEC to monitor when software is installed?

nickbijmoer
Path Finder

Hello,

Is there a way with OSSEC to monitor when software is being installed?

0 Karma

jstoner_splunk
Splunk Employee

If you are looking to integrate with ES, the ossec_file_integrity_monitoring source type maps to the Change Analysis data model and ossec_alert maps to the Alert data model.

You could adapt some of the existing correlation searches that use change analysis to fit this need or use the guided search to build a correlation search. You will want to think about how often you want to be alerted to these changes and if there is a certain threshold you would want to set.

0 Karma

nickbijmoer
Path Finder

I'm trying to integrate it in Splunk Enterprise, since we don't have Enterprise Security here. Is it also possible on the Enterprise edition?

0 Karma

jstoner_splunk
Splunk Employee

Yes. You can use the Common Information Model and the associated TA on Splunkbase (https://splunkbase.splunk.com/app/2808/) and build a data model search using the Change Analysis data model, or you can just take the OSSEC data in and then build some searches based on what you see.

0 Karma
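As an added example (not code from this thread, the add-on, or the CIM app), here is a savedsearches.conf stanza that implements the data model approach above as a scheduled alert: it counts OSSEC file-integrity events under common installation directories per host and fires when a host crosses a threshold within the window. `Change_Analysis.All_Changes` and the `dest`, `action` and `object_path` fields are the CIM names the source type maps to; the directory list, the `created` action value, the 15-minute window and the threshold of 10 are assumptions to tune for your environment.

```ini
# savedsearches.conf (added example; paths, action value, window and threshold are assumptions)
[OSSEC - Possible software installation on host]
# Run every 15 minutes over the previous 15 minutes
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m@m
dispatch.latest_time = now
# Fire whenever the search returns at least one row; the threshold lives in the search
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
# summariesonly=false so the search also works before the data model is accelerated
search = | tstats summariesonly=false count AS changes \
    min(_time) AS first_seen max(_time) AS last_seen \
    FROM datamodel=Change_Analysis.All_Changes \
    WHERE sourcetype="ossec_file_integrity_monitoring" \
      All_Changes.action="created" \
      (All_Changes.object_path="/usr/bin/*" OR All_Changes.object_path="/usr/lib/*" \
       OR All_Changes.object_path="/usr/local/*" OR All_Changes.object_path="/opt/*") \
    BY All_Changes.dest \
  | rename All_Changes.* AS * \
  | where changes >= 10 \
  | convert ctime(first_seen) ctime(last_seen) \
  | sort - changes
```

If the CIM add-on is not installed, the same filters work on the raw events with `sourcetype=ossec_file_integrity_monitoring` and `stats` in place of `tstats`, using whatever field names the add-on extracts for host, action and path.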

aaraneta_splunk
Splunk Employee

@nickbijmoer - Are you using the Splunk Add-on for OSSEC? I just want to make sure your post is tagged correctly. Thank you.

0 Karma

nickbijmoer
Path Finder

@aaraneta, yes, I use the Splunk Add-on for OSSEC.

0 Karma