On 04/25/2014 12:12 PM, Jesse Booth wrote:
> We already have a system for our Windows events. We are using OSSec for
> FIM on our Windows hosts. I would like to disable the processing of
> msauth_rules.xml

I assume your alternate system doesn't just collect logs but alerts on
things like Administrator's group changes...
In that case, write a child rule of 1800 and make it level 0. I think
that will achieve your objective.