HI EXP,
Unfortunately, there no exists any option to limit the active-response
executions or buffering them for now. However, to control the
active-response executions you could be more precise with rules associated
with that AR.
You could create custom rules using the frequency and timeframe
Hello Sylvain,
As you have said, the ossec.conf file is populated with a default
configuration when you install the Windows agent.
However, this default configuration is never going to have any conflict due
to the agent.conf and the ossec.conf are merged.
During that merge, the agent.conf overwr