Yes; try cdb lists
http://www.ossec.net/doc/manual/rules-decoders/rule-lists.html
Sent from my iPhone
On Nov 19, 2010, at 6:50 PM, dtakem...@thdfsg.com wrote:
>
> I'm trying to write a rule to match on a regex, but only if it comes from
> certain hosts.
>
> It's easy enough to do this:
>
1002
10.10.10.10
10.10.10.20
[\d+]: this is a false positive
no_email_alert
Don't send email alerts on these bogus false positives
if there's onl