Hello everyone. I have some md5/sha256 hashes in a cdb list and I want to detect them with the <list></list> functionality.
The problem is that I am decoding the information with a field name like "hash", but I can't really use it like that: <list field="md5">hashes</list>, because OSSEC doesn't allow the usage of any fields other than the following:

- Value: srcip
- Value: srcport
- Value: dstip
- Value: dstport
- Value: extra_data
- Value: user
- Value: url
- Value: id
- Value: hostname
- Value: program_name
- Value: status
- Value: action

Do you have any suggestions? :)

Thanks