Dear all,

I have just started testing OSSEC for deployment at work to our client machines, and we are very impressed so far. There are however a few useful features lacking from/that I can't find in the Windows agent that would be very handy. Does anyone know if they are available or planned for future releases?

1. The ability to run the agent hidden and prevent the process from being closed, so we can run it on an unprivileged user and be sure it's running.

2. The ability to get the agent to fire not just an e-mail, but also to run a remote script on the client if an event is triggered. For example, the agent detects skype.exe running, it sends an e-mail to our helpdesk and runs a script to tell the user and close Skype. This also allows for quick fixes to stop a user running a vulnerable application, active response, if you like.

3. Exceptions, so that we can exempt certain servers/clients from some rules.

4. MD5 file checking, to aid registry version checking. We sometimes md5sum the exe of a program we have installed if it doesn't leave a good reg key behind to check. It is also handy to checksum some exe's to make sure that they haven't been tampered with.

Thanks for all the great work,

Best Regards
Scott Minns
