<rule id="514" level="2" overwrite="yes">
  <if_sid>510</if_sid>
  <match>^Application Found</match>
  <options>alert_by_email</options>
  <description>Windows application monitor event.</description>
  <group>rootcheck,</group>
</rule>
This is in my local rules and has not sent an email; however, if I look
at rootcheck, there is data/matches in there.
Also, in the msauth rules, when an application is installed or
uninstalled the config has alert_by_email; however, that does not email
either. Can someone point me in the right direction? Thanks.
Dan