The script is only valid for Wazuh.

On Thursday, June 8, 2017 at 2:31:24 PM UTC+2, Alexis Lessard wrote:
>
> I did see that script. Seemed really interesting. Due to a lack of a test 
> environment, I didn't try it, but reading it, I was under the impression 
> that it only worked with a Wazuh installation and not with ossec vanilla. 
> Would it actually work without installing Wazuh?
>
> On Thursday, June 8, 2017 at 05:14:07 UTC-4, Jesus Linares wrote:
>>
>> Hi Alexis,
>>
>> Dan's method is the faster way to do it and it should work properly.
>>
>> Saying that, Wazuh makes a great effort to centralize decoders, rules, 
>> rootchecks and OpenSCAP content in the wazuh-ruleset 
>> <https://github.com/wazuh/wazuh-ruleset> repository. Also, a script 
>> <https://documentation.wazuh.com/current/user-manual/ruleset/update.html> to 
>> update the ruleset is provided. Unfortunately, the ruleset (and the script) 
>> only work with Wazuh manager 2.0 due to compatibility issues (we included 
>> dynamic fields 
>> <https://documentation.wazuh.com/current/user-manual/ruleset/dynamic-fields.html>), 
>> but OSSEC agents are fully compatible with Wazuh manager.
>>
>> I hope it helps.
>> Regards.
>>
>> On Thursday, June 8, 2017 at 3:48:05 AM UTC+2, dan (ddpbsd) wrote:
>>>
>>> On Wed, Jun 7, 2017 at 4:24 PM, Alexis Lessard 
>>> <alexisl...@gmail.com> wrote: 
>>> > Hi! 
>>> > 
>>> > What is the cleanest and easiest way to update rules and signatures of 
>>> > attacks and threats in ossec? I'm looking maybe for a command I could use to 
>>> > automate it. When I execute bin/manage_agents -V (to obtain version), I get 
>>> > this: 
>>> > OSSEC HIDS v2.8.3 - Trend Micro Inc. 
>>> > 
>>> > According to the documentation for 2.8.1 right here, in order to update 
>>> > those rules, we have to download the installation package and reinstall it. 
>>> > The installation script should ask us to update. That seems pretty 
>>> > complicated and unorthodox. Is there a simpler way? 
>>> > 
>>>
>>> Clone the github repo, copy the decoder.xml and rules files to the 
>>> proper directory, restart ossec. 
>>>
>>> > Also, I think I should ask that question: Does anyone know how often does 
>>> > ossec update their signatures and rules, or if they update them at all? 
>>> > 
>>>
>>> When we do. A lot of it depends on how often people submit new rules, 
>>> decoders or even log samples. 
>>>
>>> > Thanks! 
>>> > 
>>>
>>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
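
The clone, copy, restart procedure from dan's reply, written out as an added shell example that is not part of the thread or of the OSSEC project. The function names, the clone layout (`etc/decoder.xml`, `etc/rules/`), the install layout (`/var/ossec` style) and the use of `ossec-logtest -t` as a pre-restart check are assumptions to verify against your own installation.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layouts:
#   clone:   <src>/etc/decoder.xml, <src>/etc/rules/*.xml  (a git clone of ossec-hids)
#   install: <dst>/etc/decoder.xml, <dst>/rules/*.xml, <dst>/bin/ossec-logtest

restore_ruleset() {   # $1 = backup dir, $2 = install dir
    cp -p "$1/decoder.xml" "$2/etc/decoder.xml"
    rm -f "$2"/rules/*.xml
    cp -p "$1"/rules/*.xml "$2/rules/"
}

update_ossec_rules() {   # $1 = clone dir, $2 = install dir; prints the backup dir
    src=$1; dst=$2
    if [ ! -f "$src/etc/decoder.xml" ] || [ ! -d "$src/etc/rules" ]; then
        echo "unexpected clone layout: $src" >&2; return 2
    fi
    if [ ! -f "$dst/etc/decoder.xml" ] || [ ! -d "$dst/rules" ]; then
        echo "not an OSSEC install: $dst" >&2; return 2
    fi
    # Back up the current ruleset so a bad update can be rolled back.
    backup="$dst/ruleset-backup.$(date +%Y%m%d%H%M%S)"
    mkdir -p "$backup/rules" || return 1
    cp -p "$dst/etc/decoder.xml" "$backup/" || return 1
    cp -p "$dst"/rules/*.xml "$backup/rules/" || return 1

    cp "$src/etc/decoder.xml" "$dst/etc/decoder.xml" || return 1
    for f in "$src"/etc/rules/*.xml; do
        [ -f "$f" ] || continue
        # local_rules.xml holds site-specific rules: never overwrite it.
        [ "$(basename "$f")" = "local_rules.xml" ] && continue
        cp "$f" "$dst/rules/" || return 1
    done

    # Assumption: ossec-logtest -t loads config, decoders and rules and exits
    # non-zero on error. Roll back rather than restart onto a broken ruleset.
    if ! "$dst/bin/ossec-logtest" -t >/dev/null 2>&1; then
        restore_ruleset "$backup" "$dst"
        echo "new ruleset failed ossec-logtest -t; restored $backup" >&2
        return 3
    fi
    echo "$backup"
}

# Run as root: update-rules.sh /path/to/ossec-hids /var/ossec
if [ "$#" -eq 2 ]; then
    update_ossec_rules "$1" "$2" >/dev/null && "$2/bin/ossec-control" restart
fi
```

Rule files that are new to the installation are only loaded if `ossec.conf` lists them in an `<include>` entry, and they must be readable by the `ossec` group.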
