Ok, this seems to work better on the AD network with the PowerShell
lockdown we have at work at the moment.
530
ossec: output: 'USB-Audit'
USB Connected - Current Session Information
full_command
C:\Admin_Tools\USB_Audit\ps-usb.bat
60
USB-Audit
On Wed, Apr 20, 2016 at 5:15 PM, Tobias Margiani wrote:
> Hi,
>
> Trying to configure OSSEC for our mail server I noticed that our postfix log
> format is different from what ossec expects with the default rules.
>
> The postfix-reject decoder reads the source IP and an
Hi Gil!
Found your post (question) as I was researching options to create rules
with geoip-attributes. I would also be very interested in doing what you
suggest below e.g. !US . When I learned this
wasn't possible, I tried to make use of the active_response feature and a
simple sh-script and