SIEMonster Traffic Flow Windows V2

Photo posted by chris on Oct 13, 2016

On each Microsoft Windows host, NXLog and the OSSEC agent are installed. NXLog collects the Windows event logs and the OSSEC HIDS events and sends them, encrypted, over UDP to Proteus, where Logstash parses them. The 411 alerting/analysis application then queries Capricorn every minute; alert data is sent to the configured targets and is also fed back into the SIEM for long-term storage, archiving and forensic analysis.
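An NXLog configuration for the Windows-host side of this flow, added here as a worked example; it is constructed for this page and is not SIEMonster's shipped nxlog.conf. The hostname proteus.siem.local, the ports 5140 and 6514, the CA file path and the channel list are assumptions. The page does not say which NXLog output module SIEMonster uses, so the example places the plaintext om_udp output next to an om_ssl (TLS over TCP) output and routes only to the latter, because om_udp by itself provides no encryption and no delivery guarantee.

```conf
## nxlog.conf for a Windows host (constructed example, not SIEMonster's own file)
## Assumptions: NXLog CE under C:\Program Files (x86)\nxlog, a CA certificate
## exported to %CERTDIR%\siem-ca.pem, and Logstash on Proteus listening with
## TLS on TCP/6514 (the UDP/5140 listener is shown for comparison only).

define ROOT    C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension _json>
    Module  xm_json
</Extension>

## Windows Event Log via the Vista+ API. The QueryXML restricts the
## subscription to the channels the SIEM actually consumes; without it every
## channel on the host is read. Security event 4663 (object access) is
## suppressed at the source because it floods the pipeline on file servers.
<Input eventlog>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*</Select>
                <Select Path="System">*</Select>
                <Select Path="Application">*</Select>
                <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>
                <Suppress Path="Security">*[System[(EventID=4663)]]</Suppress>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

## Plaintext UDP output: what "send event logs to Logstash over UDP" looks
## like. om_udp has no encryption and UDP gives no delivery guarantee, so a
## host on the path can read the events and loss goes unnoticed. It is not
## referenced by any route, so NXLog leaves it unused at start-up.
<Output logstash_udp>
    Module  om_udp
    Host    proteus.siem.local
    Port    5140
    Exec    to_json();
</Output>

## TLS output: TCP with certificate validation of the Logstash listener.
## AllowUntrusted FALSE requires the server certificate to chain to CAFile,
## so a rogue collector standing in for Proteus is rejected, not fed.
<Output logstash_tls>
    Module  om_ssl
    Host    proteus.siem.local
    Port    6514
    CAFile  %CERTDIR%\siem-ca.pem
    AllowUntrusted FALSE
    Exec    to_json();
</Output>

<Route eventlog_to_siem>
    Path    eventlog => logstash_tls
</Route>
```

On the Proteus side this pairs with a Logstash `tcp` input on port 6514 with `ssl_enable => true`, the server certificate and key, and `codec => json_lines`, which is what turns each `to_json()` line back into fields before the events are indexed and polled by 411. Swapping the route's target to `logstash_udp` is the quickest way to confirm the pipeline works before certificates are in place, but it should not survive into production.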
