[ossec-list] getting authentication alerts from Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational

2017-08-23 Thread Golemus
Hello, On OSSEC 2.8.3 I am trying to get alerts only for RDP authentication alerts from Windows agents. These events are shown in the event log Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational, for example with eventID 1149. I have in my Windows agents conf file

Re: [ossec-list] Re: Testing OSSEC

2017-08-23 Thread dan (ddp)
On Aug 23, 2017 6:18 AM, "Ritu Soni" wrote: Hello, My work requirement is that OSSEC should generate an alert "Attack Detected" when the request from the same IP address is received by the server 3 or more times within 300 seconds. I have done changes in

Re: [ossec-list] Re: Testing OSSEC

2017-08-23 Thread Ritu Soni
Hello, My work requirement is that OSSEC should generate an alert "Attack Detected" when the request from the same IP address is received by the server 3 or more times within 300 seconds. I have done changes in syslog_rules.xml file: ** *attacks|attack|automatic_attack* *