On Wed, Jun 7, 2017 at 4:24 PM, Alexis Lessard <alexislessar...@gmail.com> wrote:
> Hi!
>
> What is the cleanest and easiest way to update rules and signatures of
> attacks and threats in ossec? I'm looking maybe for a command I could use to
> automate it. When I execute bin/manage_agents -V (to obtain version), I get
> this:
> OSSEC HIDS v2.8.3 - Trend Micro Inc.
>
> According to the documentation for 2.8.1 right here, in order to update
> those rules, we have to download the installation package and reinstall it.
> The installation script should ask us to update. That seems pretty
> complicated and unorthodox. Is there a simpler way?
>

Clone the GitHub repo, copy the decoder.xml and rules files to the proper directory, restart ossec.

> Also, I think I should ask that question: Does anyone know how often
> ossec updates their signatures and rules, or if they update them at all?
>

When we do. A lot of it depends on how often people submit new rules, decoders or even log samples.

> Thanks!
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
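The clone, copy and restart procedure from the reply, as an added example that is not part of the original message or the OSSEC project's own tooling. It adds a backup, keeps `local_rules.xml`, and validates with `ossec-logtest -t` before restarting, since rules from a newer tree may not load on an older install. Assumptions: the upstream repository URL, the default `/var/ossec` install directory, and the `etc/decoder.xml` / `etc/rules/` layout of the clone; the function name is hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not OSSEC project code. Assumed layout: the clone has
# etc/decoder.xml and etc/rules/*.xml; the install (default /var/ossec)
# has etc/decoder.xml, rules/ and bin/ossec-logtest.

# update_ossec_rules REPO_DIR OSSEC_DIR
# Back up the current files, copy the new ones (keeping local_rules.xml),
# validate, and roll back if validation fails. Prints the backup directory.
update_ossec_rules() {
    local repo="$1" ossec="$2" backup f
    [ -f "$repo/etc/decoder.xml" ] && [ -d "$repo/etc/rules" ] || {
        echo "not an OSSEC source tree: $repo" >&2; return 2; }
    [ -n "$ossec" ] && [ -d "$ossec/rules" ] || {
        echo "not an OSSEC install: $ossec" >&2; return 2; }

    backup="$(mktemp -d "$ossec/rules-backup.XXXXXX")" || return 1
    cp -p "$ossec/etc/decoder.xml" "$backup/decoder.xml" || return 1
    cp -Rp "$ossec/rules" "$backup/rules" || return 1

    cp "$repo/etc/decoder.xml" "$ossec/etc/decoder.xml" || return 1
    for f in "$repo"/etc/rules/*.xml; do
        # local_rules.xml holds site-specific rules; never overwrite it.
        [ "$(basename "$f")" = "local_rules.xml" ] && continue
        cp "$f" "$ossec/rules/" || return 1
    done

    # "ossec-logtest -t" parses config, decoders and rules; non-zero means
    # they did not load. A missing binary also fails here (fail closed).
    if ! "$ossec/bin/ossec-logtest" -t </dev/null >/dev/null 2>&1; then
        echo "validation failed, restoring from $backup" >&2
        cp -p "$backup/decoder.xml" "$ossec/etc/decoder.xml"
        rm -rf "$ossec/rules" && cp -Rp "$backup/rules" "$ossec/rules"
        return 3
    fi
    echo "$backup"
}

# Real run (root and git required): bash update-rules.sh --run
if [ "${1:-}" = "--run" ]; then
    src="$(mktemp -d)" &&
        git clone --depth 1 https://github.com/ossec/ossec-hids.git "$src" &&
        update_ossec_rules "$src" /var/ossec &&
        /var/ossec/bin/ossec-control restart
fi
```

Rule files that are new to the install are only loaded once they are listed as `<include>` entries in the `<rules>` section of `ossec.conf`.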