Atomicorp

If I understand what you may be doing, agents connect to the server the server doesnt connect to the agents. Does the server search for agents to the two ips I set in the server's ossec conf ? or is it only the agent that try to connect to the server (in this last case there is no way the agent can ...

Could you share a copy of your agent and hubs config files?

Please open a support ticket for Atomic OSSEC in the support portal:

https://support.atomicorp.com

Yes, the intent of rule 1002 is to catch anything that doesnt match an existing rule, and by default it will always be sent regardless of your other global settings. The rule indicates that theres something OSSEC doesnt understand (yet) but could be a problem and you should investigate it (and add a...

That should work for your system. There are some rules that are set to always be delivered regardless of level by default (this can be over ridden in the rule), what was/are the rule IDs youre being sent that are below 7?

Could you tell me what version of OSSEC you are using?

The virtual appliances are no longer maintained.

Could you send an email to support@atomicorp.com so we can look up your OSSEC+ account?

Opensearch is the Apache 2.0 licensed fork of Elastic Search.

The active-responses.log file should tell you the rule that was triggered, for example:

Tue Jul 12 12:32:21 PDT 2022 /var/ossec/active-response/bin/host-deny.sh add - 1.2.3.4 1657654341.8325652 477641

477641 is the rule that was triggered.

Its actually hosted in three different data centers (on two different continents), this issue occurred when we add ipv6 support to the load balancers and the VLANs did not propagate the IPv4 networks as well due to a bug in the VLAN software. The systems have been updated and the issue should not oc...

aum doesnt understand nginx yet, so for now you will need to download the nginx rules manually. We do recommend using our prebuilt modsecurity plugin for nginx: https://docs.atomicorp.com/gotrootModsec/linux/index.html#manual-installation-nginx Please let us know if you need any help setting this up.

We have made our new AWP 7.0 interface available for alpha testing. If you are interested in trying it out, you can upgrade with: yum --enablrepo=asl-7.0-testing upgrade awp-web image (2).png The interface is not feature complete , but it has the new custom dashboard interface available now. You can...

Thats normally the output if you only installed the agent, youll need to install the server.

If you think you did, could you share with us the commands you ran to install the server?

OSSEC doesnt require a web server, so it doesnt matter what you install web server wise. Is there something youre trying to do with ossec that requires a web server?

CentOS 7 is good through 2024. Or you can switch to Rocky Linux which is CentOS8 equivalent .