Re: [ossec-list] Wazuh fork and Sysmon

Hi Rob B, There are decoders for every Sysmon event, the main fields are been extracted. There are only created rules for Sysmon Event ID 1. See the attached example: 2014 Dec 20 09:29:47

[ossec-list] iptables logs not triggering active respone nor logging

Hi, I have a strange problem which I can't solve. OSSEC v8.2.3 is working fine, active respone for apache, ssh and other services is working without problems. IPtables logs are written to a file calles iptables.log using rsyslogd. Analyzing the file using the ossec-logtest works and shows the