Search found 1688 matches

by mikeshinn
Wed Jun 26, 2019 5:55 pm
Forum: Atomic Protector (formerly ASL)
Topic: SACK
Replies: 7
Views: 29631

Re: SACK

On older systems it was probably set to no; it is set to yes by default. Not sure when the change happened, though, but for some time it's been the default.
by mikeshinn
Thu Jun 20, 2019 4:33 pm
Forum: Atomic Protector (formerly ASL)
Topic: SACK
Replies: 7
Views: 29631

Re: SACK

Only if TSO or GSO is enabled for the interface, and only if you have MSS protection disabled in ASL. Check this setting in ASL: FW_MSS_DROP="yes". ASL has always been immune to this kind of attack, for many, many years, if this is enabled. If you're not using ASL, then you want to check to se...
by mikeshinn
Tue Jun 18, 2019 3:57 pm
Forum: Atomic OSSEC
Topic: which agent reported the event?
Replies: 4
Views: 29394

Re: which agent reported the event?

Just a followup, the QA build will be released tomorrow into testing.
by mikeshinn
Thu Jun 13, 2019 4:37 pm
Forum: Atomic OSSEC
Topic: which agent reported the event?
Replies: 4
Views: 29394

Re: which agent reported the event?

Doug, I see what's happening: it is a setting, but a bug is causing it to be hidden in the current GUI. We're pushing an update out into QA to enable this column, and it'll be in the testing channel Monday. As soon as it's available I'll post that it's out. You'll be able to install the update from "t...
by mikeshinn
Fri Jun 07, 2019 4:16 pm
Forum: Atomic OSSEC
Topic: New machine learning features in OSSEC
Replies: 0
Views: 66654

New machine learning features in OSSEC

We're proud to announce the release of our next generation of our cloud based machine learning system for our Atomic Workload Protection and Atomic Enterprise OSSEC customers. What you'll see in both products now is that our cloud based machine learning engine is now able to detect and block attacks ...
by mikeshinn
Tue May 07, 2019 10:37 am
Forum: OSSEC
Topic: ossec client.keys is missing agent details frequently
Replies: 1
Views: 7218

Re: ossec client.keys is missing agent details frequently

What version of the hub and agents are you using?
by mikeshinn
Wed Apr 17, 2019 3:04 pm
Forum: Atomic Protector (formerly ASL)
Topic: Machine learning features in ASL Question
Replies: 2
Views: 24047

Re: Machine learning features in ASL Question

It's enabled regardless of your current settings, unless you've disabled OSSEC on the system.
by mikeshinn
Fri Apr 12, 2019 11:51 am
Forum: Atomicorp Announcements
Topic: New machine learning features in ASL and OSSEC
Replies: 0
Views: 69532

New machine learning features in ASL and OSSEC

We're proud to announce the release of our next generation of our cloud based machine learning system for our ASL and OSSEC customers. What you'll see in both products now is that our cloud based machine learning engine is now able to detect and block attacks across any protocol on the system, for e...
by mikeshinn
Fri Mar 01, 2019 4:07 pm
Forum: General Help and Development Discussion
Topic: Public key error when updating mod_security RPM
Replies: 5
Views: 46538

Re: Public key error when updating mod_security RPM

You should definitely not use that version of modsecurity. There are both bugs and limitations in 2.7.7; you should use 2.9.2 or 2.9.3.
by mikeshinn
Tue Feb 19, 2019 5:03 pm
Forum: OSSEC
Topic: Long messages being truncated when sent using syslog_output.
Replies: 10
Views: 15281

Re: Long messages being truncated when sent using syslog_out

I know in the past this limit was required because not all syslog listeners could handle messages larger than that.
by mikeshinn
Sun Dec 23, 2018 5:01 pm
Forum: OSSEC
Topic: OSSEC - Signatures/Updates info.
Replies: 2
Views: 6894

Re: OSSEC - Signatures/Updates info.

1- Which detection mechanism OSSEC uses? e.g. signature base, heuristic base, behavior base. That depends on what version you are using. If you're using the latest, OSSEC is rule based, signature based, behavior based, machine learning based and cooperative cloud based learning. 2- How to update OSS...
by mikeshinn
Wed Nov 14, 2018 4:44 pm
Forum: Atomic Protector (formerly ASL)
Topic: CentOS 7.5: Could not retrieve mirrorlist error was 14
Replies: 5
Views: 27265

Re: CentOS 7.5: Could not retrieve mirrorlist error was 14

Could you send an email to support AT atomicorp.com? We'll get someone on your system to see what's blocking the installation.
by mikeshinn
Thu Nov 08, 2018 7:08 pm
Forum: Atomic Protector (formerly ASL)
Topic: CentOS 7.5: Could not retrieve mirrorlist error was 14
Replies: 5
Views: 27265

Re: CentOS 7.5: Could not retrieve mirrorlist error was 14

Is yum configured to exclude kernel* rpms? And is this system a VPS or a bare iron server?
by mikeshinn
Wed Nov 07, 2018 4:28 pm
Forum: Atomic Protector (formerly ASL)
Topic: CentOS 7.5: Could not retrieve mirrorlist error was 14
Replies: 5
Views: 27265

Re: CentOS 7.5: Could not retrieve mirrorlist error was 14

What happens when you run:

yum upgrade kernel-asl
by mikeshinn
Thu Aug 16, 2018 12:44 pm
Forum: Atomic Protector (formerly ASL)
Topic: Clamscan consuming all resources
Replies: 2
Views: 24048

Re: Clamscan consuming all resources

We don't use clamscan. Based on your screenshot, you've got amavis installed and it's using clamscan to scan incoming emails.