Title
#general
defensivedepth

defensivedepth

08/12/2018, 11:49 PM
Wazuh (fork of OSSEC) has integrated osquery (https://github.com/wazuh/wazuh/releases/tag/v3.5.0 )
stefanmaerz

stefanmaerz

08/13/2018, 1:03 PM
interesting. I'm curious about why they selected OSSEC as their basis over osquery in the first place. I've used both and can't really think of an advantage OSSEC has.
1:03 PM
I suppose osquery may not have existed when Wazuh started
defensivedepth

defensivedepth

08/13/2018, 1:35 PM
Wazuh’s first release was in late 2015… Either way, for me, it was a pretty clear decision to move from OSSEC to osquery when I saw what I could do with osquery…. I still keep up with OSSEC/Wazuh, though…
marpaia

marpaia

08/13/2018, 4:15 PM
maybe they just really like xml 😉
defensivedepth

defensivedepth

08/13/2018, 4:28 PM
Security Onion uses OSSEC/Wazuh. I will be presenting this fall at the SO conference on integrating osquery with SO - trying to tie network & endpoint data more closely together.
marpaia

marpaia

08/13/2018, 5:29 PM
oh cool! did you see @steffen’s talk at querycon about this?
defensivedepth

defensivedepth

08/13/2018, 5:39 PM
I saw the GH repo but not the recording… Not up the on the site yet?
marpaia

marpaia

08/13/2018, 9:38 PM
unfortunately steffen didn’t want the video posted.
defensivedepth

defensivedepth

08/13/2018, 11:04 PM
ok, no worries…. Thanks!