Wazuh (fork of OSSEC) has integrated osquery (<htt...
# generald
defensivedepth
08/12/2018, 11:49 PMWazuh (fork of OSSEC) has integrated osquery (https://github.com/wazuh/wazuh/releases/tag/v3.5.0 )
s
stefanmaerz
08/13/2018, 1:03 PMinteresting. I'm curious about why they selected OSSEC as their basis over osquery in the first place. I've used both and can't really think of an advantage OSSEC has.
stefanmaerz
08/13/2018, 1:03 PMI suppose osquery may not have existed when Wazuh started
d
defensivedepth
08/13/2018, 1:35 PMWazuh’s first release was in late 2015… Either way, for me, it was a pretty clear decision to move from OSSEC to osquery when I saw what I could do with osquery…. I still keep up with OSSEC/Wazuh, though…
👍 1
m
marpaia
08/13/2018, 4:15 PMmaybe they just really like xml 😉
😆 2
d
defensivedepth
08/13/2018, 4:28 PMSecurity Onion uses OSSEC/Wazuh. I will be presenting this fall at the SO conference on integrating osquery with SO - trying to tie network & endpoint data more closely together.
m
marpaia
08/13/2018, 5:29 PMoh cool! did you see @steffen’s talk at querycon about this?
d
defensivedepth
08/13/2018, 5:39 PMI saw the GH repo but not the recording… Not up the on the site yet?
m
marpaia
08/13/2018, 9:38 PMunfortunately steffen didn’t want the video posted.
d
defensivedepth
08/13/2018, 11:04 PMok, no worries…. Thanks!
8 Views