Thanks Pedro - just to check as per my OP, does it do this for LINUX
systems also, aside from Windows?
ian
On Wednesday, 17 May 2017 09:40:44 UTC+1, Pedro Sanchez wrote:
>
> Hi,
>
> OSSEC has the capability to detect running processes as well as look for
> existing registry keys or folders pres
As the default audit plugins for MySQL are somewhat horrific (XML is not a
log format), and the log syntax for MySQL is multi-line, I've been looking
for other options.
The MariaDB audit plugin so far looks very nice-- It's highly tunable in
terms of what it can report and it plays nice with s
Thanks Pedro, really appreciated.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://gr
Hi all,
I think there is a misunderstanding. According to your *full_log*, I can
see 2 "Account name" fields, the first one is *SubjectUserName*, and the
second one is *TargetUserName*. We are only extracting the *SubjectUserName*
as *Account name*. So, if you paste here your log, I can improve
Hi,
OSSEC has the capability to detect running processes as well as look for
existing registry keys or folders present on the system, you could use that
to detect the rogue software.
Example of getting running processes in Windows and triggering an alert when
needed (using localfiles / logcollector
An agent is connected if the manager received a keep alive in the past 30
minutes.
The agent sends (by default) a keep alive message every 10 minutes; every
time the manager gets a new keep alive, it updates an internal file for that
particular agent. If the agent, after three tries (30 minutes), doesn't reach
t
Hi AntonH,
I can see your full_log on Kibana screenshots, it seems like even OSSEC is
not getting that field on the raw_log, meaning we are not extracting it
from the EventChannel.
Currently OSSEC is not extracting all the field details from the XML; related
code:
https://github.com/wazuh/wazuh/blob
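The two "Account Name" fields discussed in the replies above come from the same EventData block of the EventChannel XML, keyed by the Name attribute of each Data element. The parser below is an added illustration of pulling both SubjectUserName and TargetUserName (plus the System fields) out of one record; it is not OSSEC's or Wazuh's decoder, and the 4624 and 4672 events it parses are constructed samples, not captured logs.

```python
import xml.etree.ElementTree as ET

# Namespace that EventChannel XML records declare on the root <Event> element.
EVT_NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

# Constructed sample 4624 (successful logon) event, not a real capture.
# It carries two account names: the Subject initiated the logon, the Target
# is the account that was actually logged on.
SAMPLE_LOGON = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4624</EventID>
    <Channel>Security</Channel>
    <Computer>WIN-HOST.corp.example</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">WIN-HOST$</Data>
    <Data Name="SubjectDomainName">CORP</Data>
    <Data Name="SubjectLogonId">0x3e7</Data>
    <Data Name="TargetUserSid">S-1-5-21-1111-2222-3333-1105</Data>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="TargetDomainName">CORP</Data>
    <Data Name="TargetLogonId">0x4a5b6c</Data>
    <Data Name="LogonType">10</Data>
    <Data Name="IpAddress">203.0.113.5</Data>
  </EventData>
</Event>
"""

# Constructed sample 4672 (special privileges assigned) event: it has a
# Subject but no Target, so a parser must tolerate the missing field.
SAMPLE_PRIVS = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4672</EventID>
    <Channel>Security</Channel>
    <Computer>WIN-HOST.corp.example</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-21-1111-2222-3333-1105</Data>
    <Data Name="SubjectUserName">alice</Data>
    <Data Name="SubjectDomainName">CORP</Data>
    <Data Name="SubjectLogonId">0x4a5b6c</Data>
    <Data Name="PrivilegeList">SeDebugPrivilege</Data>
  </EventData>
</Event>
"""


def parse_event(xml_text):
    """Return (system, event_data) dicts for one EventChannel XML record."""
    root = ET.fromstring(xml_text)
    system = {}
    sys_el = root.find(EVT_NS + "System")
    if sys_el is not None:
        for child in sys_el:
            tag = child.tag.replace(EVT_NS, "")
            # <Provider> carries its name as an attribute, not as text.
            if tag == "Provider":
                system[tag] = child.get("Name")
            else:
                system[tag] = (child.text or "").strip()
    event_data = {}
    # Every <Data Name="..."> under <EventData> becomes one key; this is
    # where both SubjectUserName and TargetUserName live.
    for d in root.iter(EVT_NS + "Data"):
        name = d.get("Name")
        if name:
            event_data[name] = (d.text or "").strip()
    return system, event_data


def account_names(xml_text):
    """Return (subject, target) account names; either is None if absent."""
    _, data = parse_event(xml_text)
    return data.get("SubjectUserName"), data.get("TargetUserName")


def logon_summary(xml_text):
    """Flatten the fields an analyst usually wants from a logon event."""
    system, data = parse_event(xml_text)
    return {
        "event_id": system.get("EventID"),
        "computer": system.get("Computer"),
        "subject": data.get("SubjectUserName"),
        "target": data.get("TargetUserName"),
        "target_domain": data.get("TargetDomainName"),
        "logon_type": data.get("LogonType"),
        "src_ip": data.get("IpAddress"),
    }


if __name__ == "__main__":
    print(account_names(SAMPLE_LOGON))
    print(account_names(SAMPLE_PRIVS))
    print(logon_summary(SAMPLE_LOGON))
```

Keying on the Data Name attribute is what keeps Subject and Target apart; a decoder that only takes the first account-name-like value will report the computer account (WIN-HOST$) for a 4624 and miss the user who actually logged on.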