Hi Jamie,
I do not know of any Windows HIDS that will report into Prelude natively. In addition to OSSEC, Osiris runs on Windows.
One thing you could look into, and which I had started looking into, is having OSSEC output alerts to a shell script, then have the shell script use Prelude-Import (a commercial add-on from prelude-ids.com) to get the messages into the Prelude architecture.
FWIW, I have been using one of the latest snapshots of the Correlator without issue for a few days now, and a different subversion release for some time with only minor insert errors, that various people helped me get around.
ScottO
Jaime Ventura wrote:
> Hello again.
> For NIDS on Unix servers I'm using samhain, and I'm trying to glue it to prelude.
> What about Windows NIDS? samhain on Windows needs cygwin, but I would prefer a native NIDS for Windows.
> OSSEC seems nice, but I can't find any info about connecting it to prelude.
> Any ideas?
> Thank you all for your help.
>
> P.S. By the way, does anyone know the current status of the correlation engine?
> I know it is implemented on the CVS version, but will it take too long to come out as a production release?
>
> _______________________________________________
> Prelude-user site list
> Prelude-user prelude-ids.org
> http://www.prelude-ids.org/mailman/listinfo/prelude-user
>