I understand that ossec will report on hidden processes, which is designed to detect rootkits etc.
However, is it also possible to white-list trusted processes, and then have ossec report on new processes which are not on the white-list? I understand that there are many background tasks and building a white-list could be tedious, result in false-positives etc, but is such an arrangement possible with ossec or something similar?

Thank you