I must say I really like this Blogspot thing: nifty add-ons for the blog. I found a "polling one" and intend to run a poll each month and post the results and impressions in a summarized post.
This month's poll is about OSSIM improvements: where do you think the most improvement is required?
Thanks for any feedback on this; if you specify "Other", please comment on this post about what you meant.
2 comments:
Expand policy filters so you can create policies that inspect the data portion of events. A good example is OSSEC, which generates a lot of false positives. You can't filter them out because a policy can only see down to the PID level, and the information needed to exclude selected events is in the data portion.
Policy filters on src port. And I agree with urapain about policy filters for the data portion of events.