Hi, I'm trying to detect a DoS attack from Kali Linux against certain hosts.
At first I did a Nessus scan to check the hosts' vulnerabilities, and a Sparta scan to see the open ports. This part was OK: OSSIM detected the Nessus scan as a Brute Force attack.
Secondly, I started a DoS against some open ports using both Slowloris and Siege, but OSSIM doesn't detect these attacks.
I tried to suppress (comment out) the rules against DoS and Http-Events from the NIDS, but nothing happened.
Also, I tried to add some rules (from Snort and Suricata) to the NIDS (and uncomment the default DoS and Http-Events rules), and nothing.
And finally I tried to create my own policy and directives.
And nothing, again.
Can someone help me?
Thanks in advance.