AFAIK - OSSEC already checks those run locations. I've wondered about the
Wow6432Node Run location, but I believe it checks those too.
Check your ossec.conf on the clients and you'll see those Run locations are
in there by default.
On Wednesday, December 14, 2016 at 11:27:10 AM UTC-8,
Hello everyone,
I am new to OSSEC and I have just installed a local agent on my Ubuntu
server. Whenever I ssh to the machine I get email notifications "Integrity
checksum changed again." for files:
/etc/azsec/lastScan.xml
/etc/alternatives/from
/etc/group-
/etc/init.d/.depend.stop
On Wed, Dec 14, 2016 at 7:20 AM, Francesco Raimondi
wrote:
> Greetings,
>
> I have some problems trying to detect a process running on the machine.
> Specifically, I want to detect the process "tor.exe" by using
> win_applications_rcl.txt
> Here's my directive:
>
>
On Wed, Dec 14, 2016 at 9:50 AM, Bertrand Danos wrote:
> Without the action match and order, it's OK:
>
I feel like there was a limit in the number of entries in the
field. Maybe it's 9?
What about something like this:
>
>
> netasq
> logtype="filter"
> ^id=(\S+)
On Thu, Dec 15, 2016 at 8:04 AM, Benbrahim Anass
wrote:
> Hi everyone,
>
> I have an OSSEC forwarding logs to a Graylog in CEF format, the port on
> Graylog is open, OSSEC is telling me it's forwarding logs, but when I check with
> netstat, I don't see any connection
If you run
On Fri, Dec 16, 2016 at 7:54 AM, Benbrahim Anass
wrote:
> What a group, guys. Responding is so fast. Well DONE!!
>
Well now I definitely want to help you.
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To