Hello list,

Rules 550, 551, 552 specifying integrity checksum alerts call upon decoders that I haven't been able to locate in decoders.xml or anywhere else.

They have:

<decoded_as>syscheck_integrity_changed</decoded_as>
<decoded_as>syscheck_integrity_changed_2nd</decoded_as>
<decoded_as>syscheck_integrity_changed_3rd</decoded_as>

Where are these decoders specified, to see what they are searching for and how they decode the event message?

Thank you
