You can add them to local_rules.xml or another file (other than the
OSSEC default file). I use a bunch of
/var/ossec/rules/wip/local_$DAEMON_rules.xml files, and add a
`<rule_dir>rules/wip</rule_dir>` to the manager's ossec.conf.
You can email this list or the dev list with the rules. You can also
I am working on a bunch of updated rules for PIX/ASA firewall
messaging - my question is since these use an existing decoder and
group of rules, what is the best way to add them? Should I be using
local_rules or how could I contribute them to update the pix_rules
set?
thanks
k