I'm looking for a way to detect password spraying of accounts, but without
triggering a bunch of false positives from normal user fat-fingering
activity. Before I begin rebuilding the wheel, has anyone already built
solid password spraying detection rules that they can share? At this point
it
Hi - I just wanted to check in and see if you had an opportunity to test
this and get the same results when not using the realtime nothing gets
reported after a successful run of the syscheck.
On Tue, Jan 1, 2019 at 3:32 PM dan (ddp) wrote:
> On Fri, Dec 28, 2018 at 5:47 PM wrote:
> >
> > Anyon
Hello, you need to add the ms_firewall_rules.xml to the included rule list
in ossec.conf file.
On Tuesday, January 8, 2019 at 5:20:28 PM UTC+5:30, Joe Shey wrote:
>
> Hello,
>
> I enabled logall option and got few logs related to ms_firewall_rules.xml.
> Below is a sample:
> 2019 Jan 08 18:31