> On Nov 13, 2019, at 6:17 AM, dan (ddp) <ddp...@gmail.com> wrote:
>
> On Thu, Nov 7, 2019 at 11:16 AM bill evergreen <bill.evergr...@gmail.com>
> wrote:
>>
>> Hello list,
>>
>> does Ossec alert if there are processes running without a binary on disk?
>>
>> Thank's a lot for any feedback
>>
>
> I don't think there's any rules for this.
>
>> Bill
>>
I believe you can use Osquery for this. You can integrate Osquery with Wazuh.
Phil
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ossec-list+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ossec-list/CAAmYSevq1oU75KESvCPQAA6BVq%2BhRfd_DJLx%2Bryvy_atfDO4%3Dw%40mail.gmail.com.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ossec-list/CAMyQvMqqRs_Bk9LEKbRdGdpkZRQnEHdZ_t8UCPNOCidjWcmwyw%40mail.gmail.com.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ossec-list/B9EFDD75-9EBD-42E9-98A4-C0F11EB11DB7%40gmail.com.
