Atomicorp

We're proud to announce the release of our next generation of our cloud based machine learning system for our Atomic Worload Protection and Atomic Enterprise OSSEC customers. What you'll see in both products now is that our cloud based machine learning engine is now able to detect and block attacks ...

What version of the hub and agents are you using?

Its enabled by regardless of your current settings, unless youve disabled OSSEC on the system.

We're proud to announce the release of our next generation of our cloud based machine learning system for our ASL and OSSEC customers. What you'll see in both products now is that our cloud based machine learning engine is now able to detect and block attacks across any protocol on the system, for e...

You should definitely not use that version of modsecurity. There are both bugs and limitations in 2.7.7, you should use 2.9.2 or 2.9.3.

I know in the past this limit was required because not all syslog listeners could handle messages larger than that.

1- Which detection mechanism OSSEC uses? e.g. signature base, heuristic base, behavior base. That depends on what version you are using. If you're using the latest, OSSEC is rule based, signature based, behavior based, machine learning based and cooperative cloud based learning. 2- How to update OSS...

Could you send an email to support AT atomicorp.com. Well get someone on your system to see whats blocking the installation.

Is yum configured to exclude kernel* rpms? And is this system a VPS or a bare iron server?

What happens when you run:

yum upgrade kernel-asl

We dont use clamscan. Based on your screenshot you've got amavis installed and its using clamscan to scan incoming emails.

No its just a limit of the total number of IPs they and other CDNs will allow you to block at any time. Once you bit whatever limit they have you cant block anything else on their end. Keep that in mind when you use a CDN. For example, here is an article from CloudFlare documenting their limits: htt...

IPs are already removed automatically based on whatever period you have set for normal shuns.

There is no limit the number of IPs you can shun locally, there is a limit to the number of IPs Cloudflare and other CDNs will let you block.

It allows your system to send a request to Cloudflare to shun an IP. There is a finite limit to the number of IPs they will let you block, but this helps with the issue that a CDN prevents you from blocking IPs locally.

ASL systems using any version of the ASL kernel are already immune to these vulnerabilities, and for at least one of them they only effect Windows systems running clamav. So if youre using the ASL kernel, you are immune.