Re: [ossec-list] Question - Crafting a rule to send a separate email to a paging device

2012-02-02 Thread dan (ddp)
On Wed, Feb 1, 2012 at 4:21 PM, Peter M Abraham
peter.abra...@dynamicnet.net wrote:
> Good day:
>
> Given the following rule
>
>   <rule id="18" level="11">
>     <if_sid>18107</if_sid>
>     <match>Logon Type: 10</match>
>     <description>Windows RDP Login.</description>
>     <group>authentication_success,</group>
>   </rule>
>
> What could we add so that if the User Name is not a specific value
> AND the Source Network Address is not a specific value, that an
> email is triggered to a specific email address?
>
> Thank you.

<rule id="180001" level="0">
  <if_sid>18</if_sid>
  <user>User Name</user>
  <srcip>Source Network Address</srcip>
  <description>Ignore stuff</description>
</rule>

Then create a granular email alert for rule 18.
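
The granular email alert mentioned above, as an added example that is not part of the thread: an `email_alerts` block for `ossec.conf`. The recipient address is a placeholder, the rule id is the one shown in the thread, and the `sms` format and the no-delay/no-group options are assumptions chosen for a paging device.

```xml
<!-- ossec.conf on the OSSEC server (added example, not from the thread) -->
<ossec_config>
  <email_alerts>
    <!-- Placeholder address for the paging device -->
    <email_to>pager@example.com</email_to>

    <!-- Only alerts from the RDP login rule go to this recipient.
         Events matched by the level-0 child rule (180001) are
         reclassified under that rule and are not sent here. -->
    <rule_id>18</rule_id>

    <!-- Reduced message format, suited to pagers and SMS gateways -->
    <format>sms</format>

    <!-- Send immediately and as a separate message rather than
         batching with other alerts -->
    <do_not_delay />
    <do_not_group />
  </email_alerts>
</ossec_config>
```

Restart the OSSEC server processes after editing `ossec.conf` so the new alert block is loaded.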


[ossec-list] Question - Crafting a rule to send a separate email to a paging device

2012-02-01 Thread Peter M Abraham
Good day:

Given the following rule

  <rule id="18" level="11">
    <if_sid>18107</if_sid>
    <match>Logon Type: 10</match>
    <description>Windows RDP Login.</description>
    <group>authentication_success,</group>
  </rule>

What could we add so that if the User Name is not a specific value
AND the Source Network Address is not a specific value, that an
email is triggered to a specific email address?

Thank you.