Thank you for the clarification.:)
On Tuesday, May 7, 2013 10:00:40 AM UTC-7, dan (ddpbsd) wrote:
>
> On Tue, May 7, 2013 at 12:16 PM, Ali man >
> wrote:
> > I'm testing ossec active respone, by way of detecting scan attempts on
> > webserver (e.g 404).
> >
> > My active response ossec.conf i
On Tue, May 7, 2013 at 12:16 PM, Ali man wrote:
> I'm testing ossec active respone, by way of detecting scan attempts on
> webserver (e.g 404).
>
> My active response ossec.conf is
>
>
> route-null
> local
>
> 31151
> 600
>
>
> One thing I'm not sure
I'm testing ossec active respone, by way of detecting scan attempts on
webserver (e.g 404).
My active response ossec.conf is
route-null
local
31151
600
One thing I'm not sure about , how does ossec agent detects this behavior
beside it has