« back to schedule

Threat Hunting with OSSEC

Maximum numbers of participants: 20. Registration will be done on site.

OSSEC is sometimes described as a low-cost log management solution but it has many interesting features which, when combined with external sources of information, may help in hunting for suspicious activity occurring on your servers and end-points. During this training, you will learn the basic of OSSEC and its components, how to deploy it and quickly get results. The second part will focus on the deployment of specific rules to catch suspicious activities. From an input point of view, we will see how easy it is to learn new log formats to increase the detection scope and, from an output point of view, how we can generate alerts by interconnecting OSSEC with other tools like MISP, TheHive or an ELK Stack / Splunk / … and add more contextual content with OSINT feeds.


  • Hardware: a laptop.
  • Software: a ssh client + a RDP client.
  • Skills: Basic UNIX/Windows concepts & administration, TCP/IP concept.


Xavier Mertens


Xavier Mertens, is a freelance cyber security consultant based in Belgium. His daily job focuses on protecting his customer’s assets by applying “defensive” security (incident handling, forensics, log management, SIEM, security visualisation, OSINT) but also “offensive” (pentesting). However, his preferred domain is playing on the Blue Team side. Besides his daily job, Xavier is also a security blogger (https://blog.rootshell.be), a SANS Internet Storm Center handler (https://isc.sans.edu) and co-organizer of the BruCON (https://www.brucon.org) security conference.

« back to schedule