I am a fan of the OSSEC app; however, to make proper use of it, in my eyes it needs to be integrated with the Common Information Model.
Has anybody already integrated the OSSEC app with the Common Information Model, i.e. field extractions, tags, etc.?
There's a TA for it in Enterprise Security -- getting that onto Apps is on the to-do list. Note that this is a long list and timing is TBD.