by mikeshinn
Fri Jun 07, 2019 4:16 pm
Forum: Atomic OSSEC
Topic: New machine learning features in OSSEC
Replies: 0
Views: 9190

New machine learning features in OSSEC

We're proud to announce the release of our next generation of our cloud based machine learning system for our Atomic Workload Protection and Atomic Enterprise OSSEC customers. What you'll see in both products now is that our cloud based machine learning engine is now able to detect and block attacks ...
by mikeshinn
Tue May 07, 2019 10:37 am
Forum: OSSEC
Topic: ossec client.keys is missing agent details frequently
Replies: 1
Views: 3240

Re: ossec client.keys is missing agent details frequently

What version of the hub and agents are you using?
by mikeshinn
Wed Apr 17, 2019 3:04 pm
Forum: Atomic Protector (formerly ASL)
Topic: Machine learning features in ASL Question
Replies: 2
Views: 5419

Re: Machine learning features in ASL Question

It's enabled by regardless of your current settings, unless you've disabled OSSEC on the system.
by mikeshinn
Fri Apr 12, 2019 11:51 am
Forum: Atomicorp Announcements
Topic: New machine learning features in ASL and OSSEC
Replies: 0
Views: 11531

New machine learning features in ASL and OSSEC

We're proud to announce the release of our next generation of our cloud based machine learning system for our ASL and OSSEC customers. What you'll see in both products now is that our cloud based machine learning engine is now able to detect and block attacks across any protocol on the system, for e...
by mikeshinn
Fri Mar 01, 2019 4:07 pm
Forum: General Help and Development Discussion
Topic: Public key error when updating mod_security RPM
Replies: 5
Views: 26448

Re: Public key error when updating mod_security RPM

You should definitely not use that version of modsecurity. There are both bugs and limitations in 2.7.7, you should use 2.9.2 or 2.9.3.
by mikeshinn
Tue Feb 19, 2019 5:03 pm
Forum: OSSEC
Topic: Long messages being truncated when sent using syslog_output.
Replies: 10
Views: 6264

Re: Long messages being truncated when sent using syslog_out

I know in the past this limit was required because not all syslog listeners could handle messages larger than that.
by mikeshinn
Sun Dec 23, 2018 5:01 pm
Forum: OSSEC
Topic: OSSEC - Signatures/Updates info.
Replies: 2
Views: 3258

Re: OSSEC - Signatures/Updates info.

1- Which detection mechanism OSSEC uses? e.g. signature base, heuristic base, behavior base. That depends on what version you are using. If you're using the latest, OSSEC is rule based, signature based, behavior based, machine learning based and cooperative cloud based learning. 2- How to update OSS...
by mikeshinn
Wed Nov 14, 2018 4:44 pm
Forum: Atomic Protector (formerly ASL)
Topic: CentOS 7.5: Could not retrieve mirrorlist error was 14
Replies: 5
Views: 6719

Re: CentOS 7.5: Could not retrieve mirrorlist error was 14

Could you send an email to support AT atomicorp.com? We'll get someone on your system to see what's blocking the installation.
by mikeshinn
Thu Nov 08, 2018 7:08 pm
Forum: Atomic Protector (formerly ASL)
Topic: CentOS 7.5: Could not retrieve mirrorlist error was 14
Replies: 5
Views: 6719

Re: CentOS 7.5: Could not retrieve mirrorlist error was 14

Is yum configured to exclude kernel* rpms? And is this system a VPS or a bare iron server?
by mikeshinn
Wed Nov 07, 2018 4:28 pm
Forum: Atomic Protector (formerly ASL)
Topic: CentOS 7.5: Could not retrieve mirrorlist error was 14
Replies: 5
Views: 6719

Re: CentOS 7.5: Could not retrieve mirrorlist error was 14

What happens when you run:

yum upgrade kernel-asl
by mikeshinn
Thu Aug 16, 2018 12:44 pm
Forum: Atomic Protector (formerly ASL)
Topic: Clamscan consuming all resources
Replies: 2
Views: 5517

Re: Clamscan consuming all resources

We don't use clamscan. Based on your screenshot you've got amavis installed and it's using clamscan to scan incoming emails.
by mikeshinn
Tue Jul 24, 2018 3:53 pm
Forum: Atomic Protector (formerly ASL)
Topic: CloudFlare Client API
Replies: 5
Views: 6467

Re: CloudFlare Client API

No, it's just a limit of the total number of IPs they and other CDNs will allow you to block at any time. Once you hit whatever limit they have you can't block anything else on their end. Keep that in mind when you use a CDN. For example, here is an article from CloudFlare documenting their limits: htt...
by mikeshinn
Mon Jul 23, 2018 2:03 pm
Forum: Atomic Protector (formerly ASL)
Topic: CloudFlare Client API
Replies: 5
Views: 6467

Re: CloudFlare Client API

IPs are already removed automatically based on whatever period you have set for normal shuns.

There is no limit to the number of IPs you can shun locally, there is a limit to the number of IPs Cloudflare and other CDNs will let you block.
by mikeshinn
Fri Jul 20, 2018 6:11 pm
Forum: Atomic Protector (formerly ASL)
Topic: CloudFlare Client API
Replies: 5
Views: 6467

Re: CloudFlare Client API

It allows your system to send a request to Cloudflare to shun an IP. There is a finite limit to the number of IPs they will let you block, but this helps with the issue that a CDN prevents you from blocking IPs locally.
by mikeshinn
Wed Jul 11, 2018 4:43 pm
Forum: Requests
Topic: ClamAV 0.100.1
Replies: 3
Views: 4703

Re: ClamAV 0.100.1

ASL systems using any version of the ASL kernel are already immune to these vulnerabilities, and for at least one of them they only affect Windows systems running clamav. So if you're using the ASL kernel, you are immune.