[ossec-list] Re: USB storage detect & recursive file list

2016-04-21 Thread Jacob Mcgrath
Ok, this seems to work better on the Ad network with the PowerShell lockdown we have at work at the moment. 530 ossec: output: 'USB-Audit' USB Connected - Current Session Information full_command C:\Admin_Tools\USB_Audit\ps-usb.bat 60 USB-Audit

Re: [ossec-list] postfix-reject decoder not working with port in log entry

2016-04-21 Thread dan (ddp)
On Wed, Apr 20, 2016 at 5:15 PM, Tobias Margiani wrote:
> Hi,
>
> Trying to configure OSSEC for our mail server I noticed that our postfix log
> format is different from what ossec expects with the default rules.
>
> The postfix-reject decoder reads the source ip and an

Re: [ossec-list] rule based geoip block

2016-04-21 Thread Fredrik
Hi Gil! Found your post (question) as I was researching options to create rules with geoip-attributes. I would also be very interested in doing what you suggest below e.g. !US . When I learned this wasn't possible, I tried to make use of the active_response feature and a simple sh-script and