My 2 cents:
1) I got tripped up by the fact that the default alert level to trigger an
active response is 6, while the default alert level to trigger an email is
7. There were a number of times when communication between 2 internal hosts
on my network suddenly stopped working, then mysteriously
Yes that did it, thanks!
:)
Natassia
On Fri, Nov 18, 2016 at 9:42 AM, Daniel Cid wrote:
> It should work with spaces or commas:
>
> monday, tuesday, friday
>
> thanks,
>
> On Fri, Nov 18, 2016 at 1:24 PM, wrote:
>
>> Is it possible to select multiple,
It should work with spaces or commas:
monday, tuesday, friday
thanks,
On Fri, Nov 18, 2016 at 1:24 PM, wrote:
> Is it possible to select multiple, discrete days using the weekday
> function?
>
> I can get the rule to run if I select a single day and it looks like I
> should be
Is it possible to select multiple, discrete days using the weekday
function?
I can get the rule to run if I select a single day and it looks like I
should be able to specify weekends or weekdays. What I would like to do is
to specify certain days, in this case Sunday, Monday, Wednesday and
Rule 18257 appears to be prone to misfire. I see it tripping for things
like this:
2016 Nov 18 10:37:26 WinEvtLog: Application: INFORMATION(302): ESENT: (no
user): no domain: BNC-O9020: Music.UI (25428)
{87E550B7-AD4D-40F7-BE5E-263C3D44C124}: The database engine has
successfully completed
Hi Dan,
Since I skipped answering this:
On Mon, Nov 14, 2016 at 11:09:52AM -0500, dan (ddp) wrote:
> > Except in a context of anon FTP servers (does anyone run those any more?)
> > blocking IPs because they connect using valid logins "too often" is a
> > dangerous default. "First, do no harm."
I started one a while ago, but I don't know if it's still working and how
well remote connections and active response are supported.
Also I am unaware of where the rpm package installs ossec.
Feel free to take a look.
2016-11-17 22:27 GMT+01:00 Christina Plummer :
>
>> Is there a
On Fri, Nov 18, 2016 at 5:23 AM, Kevin COUSIN wrote:
>
>
> On Thursday, November 17, 2016 at 18:15:57 UTC+1, dan (ddpbsd) wrote:
>>
>> On Thu, Nov 17, 2016 at 11:39 AM, Kevin COUSIN
>> wrote:
>> > Hi list,
>> >
>> > I try to use agentless on cisco ios
On Thursday, November 17, 2016 at 18:15:57 UTC+1, dan (ddpbsd) wrote:
>
> On Thu, Nov 17, 2016 at 11:39 AM, Kevin COUSIN > wrote:
> > Hi list,
> >
> > I try to use agentless on cisco ios switches. I add in ossec.conf
> >
> >
> > ssh_pixconfig_diff
> > 300