Re: [ossec-list] Agent with ip of network

2017-02-16 Thread dan (ddp)
On Thu, Feb 16, 2017 at 11:57 AM, Eduardo Reichert Figueiredo wrote: > Hi all, > i tested ossec with agents (windows) set ip 10.10.10.0/24, and alway > computer within network response with your log (file integrity, evnt vwr). > But, when i have alert of integrity file (syscheck) my alert not disp

[ossec-list] Agent with ip of network

2017-02-16 Thread Eduardo Reichert Figueiredo
Hi all, i tested ossec with agents (windows) set ip 10.10.10.0/24, and alway computer within network response with your log (file integrity, evnt vwr). But, when i have alert of integrity file (syscheck) my alert not display the hostname of windows and only dispaly name of agent before configured

Re: [ossec-list] Rewrite output for accesses field in Windows Event 4656

2017-02-16 Thread Pedro Sanchez
Hi Nguyen, Thanks for the digit meaning, in my experience, for Windows or Windows desktop latest versions the digits have been replaced by the terms, but I am not sure what Windows versions have digits or terms. You could do the correlation at C level on OSSEC, maybe using a CDB List (matching fo