
Customer Reviews

3.9 out of 5 stars
14
on April 20, 2017
I did learn enough to set up my own OSSEC server/agent deployment but the book references 1.4 and they are on version 9.0. The running narrative throughout the book is distracting. It is not a native Kindle book and just an OCR conversion with a lot of mistakes. It's the only real book available so I paid the $50+ to get it but wish there was something better.
on January 15, 2016
The book is very good, but I am disappointed that the ebook which is advertised on the front and rear cover is not available, and the publisher seems to be less than willing to help people obtain it.
One person found this helpful.
on September 1, 2012
The book explains how to use OSSEC reasonably well. It's got the facts you need. I did find the occasional typo in the prose but none in the config examples. A few things that annoyed me:

1. They almost seem to be going for page count. Plenty of redundancy. I know some people like the introduce, tell, revisit style of learning. I prefer something more succinct. They start each chapter with a fictional story, they cover the nitty-gritty (most useful part), then they summarize, then they have a "Solutions Fast Track" which is a checklist-style summary of the main points, then they have a Frequently Asked Questions section which covers a lot of what came before. They do this pattern for each chapter.

2. The little story at the beginning involving the odd made-up names seemed unnecessary and contrived.

3. The chapter on Data Mining was surprisingly light. No code, no useful examples, just a general discussion of what it is and what it is good for. Barely anything on using OSSEC to facilitate it.

I was a bit disappointed that OSSEC didn't contain any fancy heuristics for rootkit detection. It's just checking for signatures like the existence of certain files etc. This seems pointless as there are no signature updates available as far as I know and I'm relatively unlikely to be hit by an old rootkit.

The file integrity monitoring I've decided to do with AIDE which is bundled with CentOS. There's nothing special about OSSEC's.

The log monitoring/parsing/analysis I've decided to do with Splunk in one installation (the client has tons of money) and logstash in another (the client is a small business and very frugal).

Overall I guess I'm glad I read this book because now I have a more complete appreciation for what OSSEC can do and can be reasonably happy that I'm not really missing anything in not using OSSEC.
5 people found this helpful.
on December 14, 2009
I should have read the other reviews before purchasing - there is no free ebook download as expected. I had to find out the hard way by emailing Syngress, who was extremely unwilling to do anything about this. What a disappointment.

Otherwise, the book itself is a handy reference to have. But, you probably could get more takeaways from just learning OSSEC on your own and using the OSSEC users list as a point of reference.

Good book but it needs to be updated (especially the cover!). I expected more of this - like the granular details within each topic (active response, rules, decoders, etc). This is a very good book to get a quick overview and understanding, but for those who are well-experienced or familiar with OSSEC, it's not much of a huge help.

*EDIT/UPDATE*
Oddly enough, I received a follow-up email from Syngress not long after posting this review. Seems they read up on things ;) Anyway, they sent me a temporary link to download the PDF so I was pretty satisfied. But that doesn't excuse the fact that they need to update the product information in terms of indicating that there is no ebook. Either way, thank you Syngress. Updating my review to 4-stars rather than 3.
One person found this helpful.
on May 10, 2016
This is a great book, OSSEC is one of the least known intrusion detection systems but is absolutely the most versatile I have ever known. It can do just about anything with its active response feature, only limited by your imagination.
on March 1, 2013
This is exactly what it says it is. A guide to how to use OSSEC. (more or less). It's written as a story which is sort of strange but pretty much everything you need to get off the ground is in the book.
on April 27, 2009
I bought this book for 2 reasons. One was as a main reference for a term paper I am writing in the Masters program I am taking at ECU and the other was to learn more about this open source HIDS for my own personal use. The book, I feel, goes into great detail about the software from the download to writing a policy. Most books will not say anything about a policy, they just talk about the software and leave you at that. If you are using, thinking about using or want to learn about HIDS then I suggest buying this book. A big bonus is that Daniel Cid is one of the authors. Most books may only reference the creator of the software, few actually have the creator as an author. Awesome book.
on April 6, 2013
More information in the book than available on the OSSEC site. Without this book it would take far longer to learn the tool.
on December 24, 2014
Great examples for fine-tuning rules and alerts. Great supplement to online resources.
on January 14, 2017
Must buy for anyone working on OSSEC