[ossec-list] Re: OSSEC rule to detect new run keys added to the registry

2016-12-16 Thread Brent Morris
AFAIK - OSSEC already checks those run locations. I've wondered about the Wow6432Node Run location, but I believe it checks those too. Check your ossec.conf on the clients and you'll see those Run locations are in there by default. On Wednesday, December 14, 2016 at 11:27:10 AM UTC-8,
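As an added example (not quoted from the thread and not a copy of the default ossec.conf that the OSSEC project ships), this is the shape of the syscheck section on a Windows agent that the reply above tells the asker to look at. The two Wow6432Node entries are included on the assumption that 32-bit software on a 64-bit host should be watched as well; whether they are present by default in a given OSSEC version is not something this thread settles, so treat them as entries to verify or add rather than a statement about the defaults.

```xml
<!-- Added example: Windows agent ossec.conf fragment. Not the project's
     shipped default file; Wow6432Node lines are an assumption about what
     to monitor, not a claim about what ships by default. -->
<ossec_config>
  <syscheck>
    <!-- scan interval in seconds; registry entries are checked on this schedule -->
    <frequency>43200</frequency>

    <!-- 64-bit view of the machine-wide auto-start keys -->
    <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</windows_registry>
    <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce</windows_registry>

    <!-- 32-bit (WOW64) view: a 32-bit installer on x64 Windows writes here,
         so a Run key added under this path is missed if only the lines
         above are monitored (assumed additions, see lead-in) -->
    <windows_registry>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run</windows_registry>
    <windows_registry>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce</windows_registry>
  </syscheck>
</ossec_config>
```

After editing the file, restart the agent so the new syscheck configuration is loaded; registry additions and changes then surface as syscheck alerts in the same way as file integrity changes, so the existing rules cover the new-Run-key case without a custom rule.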

[ossec-list] Problems with Checksums

2016-12-16 Thread Magda
Hello everyone, I am new to OSSEC and I have just installed a local agent on my Ubuntu server. Whenever I ssh to the machine I get email notifications "Integrity checksum changed again." for files: /etc/azsec/lastScan.xml /etc/alternatives/from /etc/group- /etc/init.d/.depend.stop

Re: [ossec-list] Check running process

2016-12-16 Thread dan (ddp)
On Wed, Dec 14, 2016 at 7:20 AM, Francesco Raimondi wrote: > Greetings, > > I have some problems trying to detect a process running on the machine. > Specifically, I want to detect the process "tor.exe" by using > win_applications_rcl.txt > Here's my directive: > >

Re: [ossec-list] Firewall appliance : netasq/stormshield

2016-12-16 Thread dan (ddp)
On Wed, Dec 14, 2016 at 9:50 AM, Bertrand Danos wrote: > Without the action match and order, it's OK: I feel like there was a limit in the number of entries in the field. Maybe it's 9? What about something like this: > > > netasq > logtype="filter" > ^id=(\S+)

Re: [ossec-list] OSSEC not Connecting to Graylog

2016-12-16 Thread dan (ddp)
On Thu, Dec 15, 2016 at 8:04 AM, Benbrahim Anass wrote: > Hi everyone, > > I have OSSEC forwarding logs to a Graylog in CEF format; the port on > Graylog is open, and OSSEC is telling me it's forwarding logs, but when I check w/ > netstat, I don't see any connection If you run

Re: [ossec-list] Re: OSSEC not Connecting to Graylog

2016-12-16 Thread dan (ddp)
On Fri, Dec 16, 2016 at 7:54 AM, Benbrahim Anass wrote: > What a group, guys, responding is so fast. Well DONE!! > Well now I definitely want to help you.