[ossec-list] Event ID 560 - Object Access in Windows
buenas tardes me puse Identificación 560 Object Access en Windows Server 2003, la directiva está trabajando pero no tienen conocimiento de cómo configurarlo para que me esta regla identifica el OSSIM gracias -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ossec-list] Event ID 560 - Object Access in Windows
buenas tardes me puse Identificación 560 Object Access en Windows Server 2003, la directiva está trabajando pero no tienen conocimiento de cómo configurarlo para que me esta regla identifica el OSSIM gracias -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ossec-list] Re: Event ID 560 - Object Access in Windows
El miércoles, 3 de octubre de 2012 10:55:47 UTC-5, Alejandro Martinez escribió: Hi all, I've googled how to recognize 560 events when then object audit in windows is turned on (create/modify/delete file on folder). I see the log coming from the agent in /var/ossec/logs/alert.log but I can't yet to get logged on a mysql backend. Everything else is working fine. I've tested with local_rules,xml but nothing. Maybe I'm missing something. Thanks all Good you need to have installed a mysql ossim data for this event and if this is how I install the database thanks -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[ossec-list] Re: OSSEC integration into Alienvault SIEM webinar
buenos días en la empresa donde trabajo regla debe saber que la gente de eliminar o editar los archivos, ha permitido a la Directiva de seguridad local en el dominio pero no les gusta la regla para detectar esta directiva me OSSIM gracias -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[ossec-list] Re: OSSEC integration into Alienvault SIEM webinar
good morning in the company where I work rule must be to know that people remove or edit files, has enabled the Local Security Policy on the domain but do not like the rule to detect this directive ossim me thanks -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[ossec-list] Re: ossec
El viernes, 10 de enero de 2014 09:08:27 UTC-5, ossec_user escribió: OSSEC can detect when files are created, modified or deleted. Also, it is integrated with OSSIM out of the box. So you can install OSSEC agent on machines where you want to detect these changes, register the agents with the OSSEC server built-in the OSSIM server, configure the agents for specific files and folder monitoring and detect the events on the OSSIM interface. On Friday, January 10, 2014 1:07:19 AM UTC+5, OSCAR GIOVANNY GONZALEZ GIOVANNY GONZALEZ CRUZ wrote: good afternoon am implementing OSSIM and want to know how I can detect when files added, modified and deleted thanks in advance Ok I already have installed ossec agents in disrtintas machines that will access the folder compartidad Now configure ossec as the ossim server to perform the monitoring of files and equipment thanks in advance -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[ossec-list] Re: ossec
Ok good afternon and installed ossec agents in Different machines have access to the shared folder Now, as I stood and equipment ossec OSSIM server for files and equipment monitoring thanks in advance -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[ossec-list] Re: ossec
Ok good morning and installed ossec agents in Different machines have access to the shared folder Now, as I stood and equipment ossec OSSIM server for files and equipment monitoring thanks in advance -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[ossec-list] ossec
good afternoon am implementing OSSIM and want to know how I can detect when files added, modified and deleted thanks in advance -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.