src/analysisd/decoders/{decode-xml.c,syscheck.c}

On Mon, Dec 12, 2011 at 10:42 AM, alsdks <[email protected]> wrote:
> Hello list,
>
> rules 550, 551, 552 specifying integrity checksum alerts call upon
> decoders that I haven't been able to locate in decoders.xml or
> anywhere else.
>
> They have:
> <decoded_as>syscheck_integrity_changed</decoded_as>
> <decoded_as>syscheck_integrity_changed_2nd</decoded_as>
> <decoded_as>syscheck_integrity_changed_3rd</decoded_as>
>
> Where are these decoders specified, to see what they are searching for,
> how they decode the event message.
>
> Thank you
