Hello Dan,
Thank you for your feedback. I have changed the frequency to 900
sec, and inspected the ossec.log. I noted that inside the log file none of
the agent.conf directories where present. Any theories on why the
ossec.conf syscheck content is showing up in ossec.log, and the agent.
Hello fellow googlers,
The GOAL:
For every user on my windows OSSEC agent, generate OSSEC alert severity 10
when new file added to
C:\Users/*/%AppData%/Local/Temp directory
Where star was supposed to be the wildcard place holder to instruct OSSEC
to mean ANY user
The Attempt & RESULTS: