From OSSEC Wiki


Understanding the Windows Agent in OSSEC

OSSEC's Windows Agent allows you to search a Windows host for relevant security information and report it back to the OSSEC server.

The default configuration for the agent is to monitor the Application, Security, and System Event Logs, passing them on to the server for analysis.
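To confirm that an agent still collects those three logs, a configuration check like the following can be run against the agent's config file. It is an added example, not part of the wiki page or the OSSEC code base. It assumes the agent's `ossec.conf` declares each Event Log as a `<localfile>` entry with `<log_format>eventlog</log_format>`; the sample config and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# The three Event Logs the page names as the agent's default.
DEFAULT_LOGS = ("Application", "Security", "System")

# Constructed sample config (not from a real host): the Security entry
# has been dropped, and System sits in a second top-level block.
SAMPLE_CONF = """\
<ossec_config>
  <!-- One entry per Event Log to monitor -->
  <localfile>
    <location>Application</location>
    <log_format>eventlog</log_format>
  </localfile>
</ossec_config>
<ossec_config>
  <localfile>
    <location>System</location>
    <log_format>eventlog</log_format>
  </localfile>
</ossec_config>
"""


def monitored_event_logs(conf_text):
    """Return the Event Log names collected through <localfile> entries."""
    # Drop any XML declaration, then wrap everything in a single root so a
    # file with more than one top-level block still parses as XML.
    body = re.sub(r"<\?xml[^>]*\?>", "", conf_text)
    root = ET.fromstring("<root>" + body + "</root>")
    found = set()
    for entry in root.iter("localfile"):
        fmt = (entry.findtext("log_format") or "").strip().lower()
        loc = (entry.findtext("location") or "").strip()
        if fmt == "eventlog" and loc:
            found.add(loc)
    return found


def missing_default_logs(conf_text):
    """List the default Event Logs that the config no longer collects."""
    have = {name.lower() for name in monitored_event_logs(conf_text)}
    return [log for log in DEFAULT_LOGS if log.lower() not in have]


if __name__ == "__main__":
    print("not monitored:", missing_default_logs(SAMPLE_CONF))
```

A non-empty result means one of the default logs is no longer forwarded to the server, which is worth treating as a finding in its own right.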

There is also a rootkit checker that runs on the host.


The agent also reports back on the presence of any alternate NTFS file streams.
