Hi guys, I'm new here. I want to ask some questions.
I am new to AlienVault OSSIM, and after successfully deploying it in an environment I noticed that events related to the AlienVault host are flooding the SIEM panel. I'd like to configure OSSIM to show only events from the assets that I want.
Also, I noticed that the OSSEC agent is a little bit unstable; sometimes it stops sending logs to the OSSIM server. What agent(s) do you suggest for collecting logs?