Apica Ascent-OSSEC Agent for Windows

We have discussed earlier how to make a ossec-hids App Extension.

After creating a App Extension you can copy the LoadBalancer-IP and authtoken from the Explore > App Extension page.\

After this, you are ready to connect the Apica-OSSEC Agent to the Apica-OSSEC Manager. Please download this powershell script file and run it from the source machine with 2 parameters.

Required Parameters:

LOGIQ_OSSEC_MANAGER
LOGIQ_OSSEC_PASSWORD

You can find these 2 values in Explore > App Extensions > ossec-hids.

LOGIQ_OSSEC_MANAGER is the LoadBalancer-IP.

LOGIQ_OSSEC_PASSWORD is the authtoken.

You can run this powershell script like this.

NOTE: Please replace the LoadBalancer-IP, and authtoken in the below command.

 .\logiq-ossec-installer.ps1 -LOGIQ_OSSEC_MANAGER "<Loadbalancer-IP>" -LOGIQ_OSSEC_PASSWORD "<authtoken>"

This script will run for approximately 20 seconds, you will be able to see that the Security events will be coming in the Dashboard > Security Monitoring - Overview.

PreviousOSSEC Variants (OSSEC/WAZUH/ATOMIC)NextPalo Alto Firewall

Last updated 1 year ago