Awesome work! Can you submit a pull request at
https://github.com/ossec/ossec-hids?
On Wed, Jul 16, 2014 at 6:01 PM, Scott Mace sm...@xogrp.com wrote:
I've hashed together a new decoder and rules file for the new Trend Micro
Office Scan logging to Windows Event Logs. I don't quite have all the
Not exactly sure how to do that, not a dev guy. I'm actually not 100% this
works. Using the logtest utility, it does indicate the log sample will
trigger an alert, but in testing with eicar and generating the event in
OfficeScan, an ossec alert does not get generated. I got the log sample
On Thu, Jul 17, 2014 at 4:05 PM, Scott Mace sm...@xogrp.com wrote:
Not exactly sure how to do that, not a dev guy. I'm actually not 100% this
works. Using the logtest utility, it does indicate the log sample will
trigger an alert, but in testing with eicar and generating the event in
I've hashed together a new decoder and rules file for the new Trend Micro
Office Scan logging to Windows Event Logs. I don't quite have all the
result codes in there, but it's a start. Appreciate any comments,
suggestions. I'm using Ossec in AlienVault, so I'll be doing some
correlation as