On 05/24/2011 09:33 PM, treydock wrote:
> With those active response rules built in, would this be the preferred
> method for enabling alerts specifically for those rules? (for example
> in case the alert threshold is above Level 3)
>
>   <email_alerts>
>     <email_to>u...@example.com</email_to>
>     <rule_id>601, 602, 603, 604, 605, 606</rule_id>
>   </email_alerts>

It would probably be easier to use the active_response group, like so:

  <email_alerts>
    <email_to>u...@example.com</email_to>
    <group>active_response</group>
  </email_alerts>

> Secondly, how far from the current stable release is that revision?

Not sure. That all depends on Daniel and if/when he wants these for the next release. I prepared them for inclusion but it's ultimately up to him what goes in, how it looks and when the release will be.
