Hello,
On ossec 2.8.3 I am trying to get alerts only for rdp authentications alerts
from windows agents.
These events are shown in the event log
Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
for example with eventID 1149
I have in my windows agents conf file
On Aug 23, 2017 6:18 AM, "Ritu Soni" wrote:
Hello,
My work requirement is that OSSEC should generate an alert "Attack
Detected", when the request from same ip address is received by the server
for 3 or more times within 300 seconds.
I have done changes in
Hello,
My work requirement is that OSSEC should generate an alert "Attack
Detected", when the request from same ip address is received by the server
for 3 or more times within 300 seconds.
I have done changes in syslog_rules.xml file:
**
*attacks|attack|automatic_attack*
*