simple-evcorr-users  

Messages by Thread

• • Re: [Simple-evcorr-users] (no subject) Santhosh Kumar
  • Re: [Simple-evcorr-users] (no subject) Santhosh Kumar
  • Re: [Simple-evcorr-users] (no subject) Risto Vaarandi
  • Re: [Simple-evcorr-users] (no subject) Santhosh Kumar
• [Simple-evcorr-users] Correlation Upon Aggregation Santhosh Kumar
  • Re: [Simple-evcorr-users] Correlation Upon Aggregation Risto Vaarandi
  • Re: [Simple-evcorr-users] Correlation Upon Aggregation Santhosh Kumar
• [Simple-evcorr-users] Question on rule James Lay
  • Re: [Simple-evcorr-users] Question on rule Risto Vaarandi
  • Re: [Simple-evcorr-users] Question on rule James Lay
  • Re: [Simple-evcorr-users] Question on rule Risto Vaarandi
  • Re: [Simple-evcorr-users] Question on rule James Lay
• [Simple-evcorr-users] an update to sec FAQ Risto Vaarandi
  • [Simple-evcorr-users] an update to SEC FAQ Risto Vaarandi
• [Simple-evcorr-users] list of suppress events Kagan, Eli
  • Re: [Simple-evcorr-users] list of suppress events Risto Vaarandi
  • Re: [Simple-evcorr-users] list of suppress events Kagan, Eli
  • Re: [Simple-evcorr-users] list of suppress events Risto Vaarandi
• [Simple-evcorr-users] SingleWithThreshold reference current input line Dusan Sovic
  • Re: [Simple-evcorr-users] SingleWithThreshold reference current input line Risto Vaarandi
  • Re: [Simple-evcorr-users] SingleWithThreshold reference current input line Dusan Sovic
• [Simple-evcorr-users] Suppress rule and continue filed support Dusan Sovic
  • Re: [Simple-evcorr-users] Suppress rule and continue filed support Risto Vaarandi
  • Re: [Simple-evcorr-users] Suppress rule and continue filed support Dusan Sovic
  • Re: [Simple-evcorr-users] Suppress rule and continue filed support Risto Vaarandi
  • Re: [Simple-evcorr-users] Suppress rule and continue filed support Dusan Sovic
  • Re: [Simple-evcorr-users] Suppress rule and continue filed support Risto Vaarandi
  • Re: [Simple-evcorr-users] Suppress rule and continue filed support Risto Vaarandi
  • Re: [Simple-evcorr-users] Suppress rule and continue filed support Dusan Sovic
• [Simple-evcorr-users] sec-2.8.1 released Risto Vaarandi
• [Simple-evcorr-users] updates to SEC FAQ Risto Vaarandi
  • [Simple-evcorr-users] updates to SEC FAQ Risto Vaarandi
• [Simple-evcorr-users] sec-2.8.0 released Risto Vaarandi
• [Simple-evcorr-users] Whitelisting or Blacklisting S, Santosh
  • Re: [Simple-evcorr-users] Whitelisting or Blacklisting Risto Vaarandi
  • Re: [Simple-evcorr-users] Whitelisting or Blacklisting S, Santosh
• [Simple-evcorr-users] Accesing nested fields in json logs Alberto Corton
  • Re: [Simple-evcorr-users] Accesing nested fields in json logs Risto Vaarandi
  • Re: [Simple-evcorr-users] Accesing nested fields in json logs Alberto Corton
• [Simple-evcorr-users] sec-2.8.alpha2 released Risto Vaarandi
• [Simple-evcorr-users] Ubuntu service file James Lay
• [Simple-evcorr-users] Way to corelate 2 rules with treshold Przemysław Orzechowski
  • Re: [Simple-evcorr-users] Way to corelate 2 rules with treshold Risto Vaarandi
  • Re: [Simple-evcorr-users] Way to corelate 2 rules with treshold Przemysław Orzechowski
  • Re: [Simple-evcorr-users] Way to corelate 2 rules with treshold Risto Vaarandi
• [Simple-evcorr-users] sec-2.8.alpha1 released Risto Vaarandi
  • Re: [Simple-evcorr-users] sec-2.8.alpha1 released Alberto Corton
  • Re: [Simple-evcorr-users] sec-2.8.alpha1 released Risto Vaarandi
  • Re: [Simple-evcorr-users] sec-2.8.alpha1 released Alberto Corton
  • Re: [Simple-evcorr-users] sec-2.8.alpha1 released Risto Vaarandi
  • Re: [Simple-evcorr-users] sec-2.8.alpha1 released Risto Vaarandi
  • Re: [Simple-evcorr-users] sec-2.8.alpha1 released Alberto Corton
• [Simple-evcorr-users] keepalive Kagan, Eli
  • Re: [Simple-evcorr-users] keepalive Risto Vaarandi
• [Simple-evcorr-users] Storing events of a SingleWithThreshold rule Alberto Corton
  • Re: [Simple-evcorr-users] Storing events of a SingleWithThreshold rule Risto Vaarandi
• [Simple-evcorr-users] rule reuse and file splitting Kagan, Eli
  • Re: [Simple-evcorr-users] rule reuse and file splitting Risto Vaarandi
• [Simple-evcorr-users] Input log missing in syslog-ng Inderjeet Singh
  • Re: [Simple-evcorr-users] Input log missing in syslog-ng Risto Vaarandi
  • Re: [Simple-evcorr-users] Input log missing in syslog-ng Inderjeet Singh
  • Re: [Simple-evcorr-users] Input log missing in syslog-ng Risto Vaarandi
• [Simple-evcorr-users] design question about dynamic inputs Risto Vaarandi
  • Re: [Simple-evcorr-users] design question about dynamic inputs Alberto Corton
  • Re: [Simple-evcorr-users] design question about dynamic inputs Risto Vaarandi
  • Re: [Simple-evcorr-users] design question about dynamic inputs Alberto Corton
  • Re: [Simple-evcorr-users] design question about dynamic inputs Risto Vaarandi
• [Simple-evcorr-users] PairWithWindow rule and timestamp of the first event Riska, Roni (Nokia - FI/Espoo)
  • Re: [Simple-evcorr-users] PairWithWindow rule and timestamp of the first event Risto Vaarandi
  • Re: [Simple-evcorr-users] PairWithWindow rule and timestamp of the first event Riska, Roni (Nokia - FI/Espoo)
• [Simple-evcorr-users] SEC use cases -> modifying the state of the world Andrew Nieuwsma
  • Re: [Simple-evcorr-users] SEC use cases -> modifying the state of the world John P. Rouillard
  • Re: [Simple-evcorr-users] SEC use cases -> modifying the state of the world Risto Vaarandi
  • Re: [Simple-evcorr-users] SEC use cases -> modifying the state of the world Kagan, Eli
• [Simple-evcorr-users] SEC Reading problem Jaren Peich
  • Re: [Simple-evcorr-users] SEC Reading problem Risto Vaarandi
  • Re: [Simple-evcorr-users] SEC Reading problem Andy Smith via Simple-evcorr-users
  • Re: [Simple-evcorr-users] SEC Reading problem Risto Vaarandi
  • Re: [Simple-evcorr-users] SEC Reading problem Risto Vaarandi
  • Re: [Simple-evcorr-users] SEC Reading problem Jaren Peich
  • Re: [Simple-evcorr-users] SEC Reading problem Jaren Peich
  • Re: [Simple-evcorr-users] SEC Reading problem Risto Vaarandi
  • Re: [Simple-evcorr-users] SEC Reading problem Jaren Peich
  • Re: [Simple-evcorr-users] SEC Reading problem Risto Vaarandi
• [Simple-evcorr-users] Variable set from one rule, to use with action on another rule. Kamil B
  • Re: [Simple-evcorr-users] Variable set from one rule, to use with action on another rule. Risto Vaarandi
  • Re: [Simple-evcorr-users] Variable set from one rule, to use with action on another rule. Kamil B
• [Simple-evcorr-users] Ignore first n 'bar' if 'foo' occurs Kamil B
  • Re: [Simple-evcorr-users] Ignore first n 'bar' if 'foo' occurs Risto Vaarandi
  • Re: [Simple-evcorr-users] Ignore first n 'bar' if 'foo' occurs Kamil B
• [Simple-evcorr-users] sec-2.7.12 released Risto Vaarandi
• [Simple-evcorr-users] Get last event in SingleWithThreshold rule Riska, Roni (Nokia - FI/Espoo)
  • Re: [Simple-evcorr-users] Get last event in SingleWithThreshold rule Risto Vaarandi
  • Re: [Simple-evcorr-users] Get last event in SingleWithThreshold rule Riska, Roni (Nokia - FI/Espoo)
• [Simple-evcorr-users] reading utf16 log files Risto Vaarandi
• [Simple-evcorr-users] Log Rotation Joanna Christou
  • Re: [Simple-evcorr-users] Log Rotation Risto Vaarandi
• [Simple-evcorr-users] Understanding % when creating config file global variables Stuart Kendrick
  • Re: [Simple-evcorr-users] Understanding % when creating config file global variables Risto Vaarandi
• [Simple-evcorr-users] look-up a string in a hash, then write hash value Stuart Kendrick
  • Re: [Simple-evcorr-users] look-up a string in a hash, then write hash value Risto Vaarandi
  • Re: [Simple-evcorr-users] look-up a string in a hash, then write hash value Jaren Peich
  • Re: [Simple-evcorr-users] look-up a string in a hash, then write hash value Stuart Kendrick
  • Re: [Simple-evcorr-users] look-up a string in a hash, then write hash value Risto Vaarandi
  • Re: [Simple-evcorr-users] look-up a string in a hash, then write hash value Risto Vaarandi
  • Re: [Simple-evcorr-users] look-up a string in a hash, then write hash value Stuart Kendrick
  • Re: [Simple-evcorr-users] look-up a string in a hash, then write hash value Risto Vaarandi
  • Re: [Simple-evcorr-users] look-up a string in a hash, then write hash value Stuart Kendrick
  • Re: [Simple-evcorr-users] look-up a string in a hash, then write hash value Risto Vaarandi
  • Re: [Simple-evcorr-users] look-up a string in a hash, then write hash value Risto Vaarandi
  • Re: [Simple-evcorr-users] look-up a string in a hash, then write hash value Stuart Kendrick
  • Re: [Simple-evcorr-users] look-up a string in a hash, then write hash value Stuart Kendrick
• [Simple-evcorr-users] SEC_SHUTDOWN event/delay Peter Eckel
  • Re: [Simple-evcorr-users] SEC_SHUTDOWN event/delay John P. Rouillard
  • Re: [Simple-evcorr-users] SEC_SHUTDOWN event/delay Risto Vaarandi
  • Re: [Simple-evcorr-users] SEC_SHUTDOWN event/delay Risto Vaarandi
  • Re: [Simple-evcorr-users] SEC_SHUTDOWN event/delay Peter Eckel
  • Re: [Simple-evcorr-users] SEC_SHUTDOWN event/delay David Lang
  • Re: [Simple-evcorr-users] SEC_SHUTDOWN event/delay Peter Eckel
• [Simple-evcorr-users] potential issues with mailing list Risto Vaarandi
• [Simple-evcorr-users] Sec Rule problem Jaren Peich
  • Re: [Simple-evcorr-users] Sec Rule problem Risto Vaarandi
  • Re: [Simple-evcorr-users] Sec Rule problem Jaren Peich
  • Re: [Simple-evcorr-users] Sec Rule problem Jaren Peich
  • Re: [Simple-evcorr-users] Sec Rule problem Risto Vaarandi
  • Re: [Simple-evcorr-users] Sec Rule problem Jaren Peich
• [Simple-evcorr-users] integration with systemd (update to SEC FAQ) Risto Vaarandi
• [Simple-evcorr-users] Regexp matching against context names Dusan Sovic
  • Re: [Simple-evcorr-users] Regexp matching against context names Risto Vaarandi
  • Re: [Simple-evcorr-users] Regexp matching against context names Dusan Sovic
• [Simple-evcorr-users] Sec error (invalid regular expression) James Lay
  • Re: [Simple-evcorr-users] Sec error (invalid regular expression) Risto Vaarandi
  • Re: [Simple-evcorr-users] Sec error (invalid regular expression) James Lay
• [Simple-evcorr-users] How to mail with a multiline body? Tom Damon
  • Re: [Simple-evcorr-users] How to mail with a multiline body? Risto Vaarandi
  • Re: [Simple-evcorr-users] How to mail with a multiline body? James Lay
  • Re: [Simple-evcorr-users] How to mail with a multiline body? Risto Vaarandi
• [Simple-evcorr-users] Window being ignored Yahoo
  • Re: [Simple-evcorr-users] Window being ignored John P. Rouillard
  • Re: [Simple-evcorr-users] Window being ignored Yahoo
• [Simple-evcorr-users] Negation James Lay
  • Re: [Simple-evcorr-users] Negation John P. Rouillard
  • Re: [Simple-evcorr-users] Negation James Lay
  • Re: [Simple-evcorr-users] Negation Todd M. Hall
  • Re: [Simple-evcorr-users] Negation James Lay
  • Re: [Simple-evcorr-users] Negation Todd M. Hall
  • Re: [Simple-evcorr-users] Negation James Lay
  • Re: [Simple-evcorr-users] Negation Todd M. Hall
  • Re: [Simple-evcorr-users] Negation James Lay
  • Re: [Simple-evcorr-users] Negation Risto Vaarandi
  • Re: [Simple-evcorr-users] Negation James Lay
  • Re: [Simple-evcorr-users] Negation Risto Vaarandi
  • Re: [Simple-evcorr-users] Negation James Lay
  • Re: [Simple-evcorr-users] Negation Risto Vaarandi
  • Re: [Simple-evcorr-users] Negation Todd M. Hall
  • Re: [Simple-evcorr-users] Negation Risto Vaarandi
• [Simple-evcorr-users] VIM syntax file? James Lay
  • Re: [Simple-evcorr-users] VIM syntax file? Alberto Corton
  • Re: [Simple-evcorr-users] VIM syntax file? Risto Vaarandi
  • Re: [Simple-evcorr-users] VIM syntax file? Alberto Corton
  • Re: [Simple-evcorr-users] VIM syntax file? James Lay
• [Simple-evcorr-users] sec-2.7.11 released Risto Vaarandi
• [Simple-evcorr-users] some changes in the next sec release (feedback appreciated) Risto Vaarandi
  • Re: [Simple-evcorr-users] some changes in the next sec release (feedback appreciated) James Lay
  • Re: [Simple-evcorr-users] some changes in the next sec release (feedback appreciated) David Lang
  • Re: [Simple-evcorr-users] some changes in the next sec release (feedback appreciated) Risto Vaarandi
• [Simple-evcorr-users] Test IF correlation operation exist then take action Dusan Sovic
  • Re: [Simple-evcorr-users] Test IF correlation operation exist then take action Risto Vaarandi
  • Re: [Simple-evcorr-users] Test IF correlation operation exist then take action Dusan Sovic
• [Simple-evcorr-users] Content of pattern match cache after synthetic event injection Dusan Sovic
  • Re: [Simple-evcorr-users] Content of pattern match cache after synthetic event injection Risto Vaarandi
  • [Simple-evcorr-users] Fw: Content of pattern match cache after synthetic event injection Dusan Sovic
  • Re: [Simple-evcorr-users] Fw: Content of pattern match cache after synthetic event injection Risto Vaarandi
• [Simple-evcorr-users] a very dumb issue Martin Etcheverry
  • Re: [Simple-evcorr-users] a very dumb issue Risto Vaarandi
  • Re: [Simple-evcorr-users] a very dumb issue Risto Vaarandi
• [Simple-evcorr-users] problem sending events from rsyslog to sec Martin Etcheverry
  • Re: [Simple-evcorr-users] problem sending events from rsyslog to sec Risto Vaarandi
• [Simple-evcorr-users] trying to create a rule to alarm when the i get one alarm and the cancelation didn´t arrive in 10 minutes Martin Etcheverry
  • Re: [Simple-evcorr-users] trying to create a rule to alarm when the i get one alarm and the cancelation didn´t arrive in 10 minutes Risto Vaarandi
• [Simple-evcorr-users] Variable access lcall Jaren Peich
  • Re: [Simple-evcorr-users] Variable access lcall Risto Vaarandi
  • Re: [Simple-evcorr-users] Variable access lcall Risto Vaarandi
  • Re: [Simple-evcorr-users] Variable access lcall Jaren Peich
  • Re: [Simple-evcorr-users] Variable access lcall Risto Vaarandi
  • Re: [Simple-evcorr-users] Variable access lcall Jaren Peich
• [Simple-evcorr-users] From start specific file Jaren Peich
  • Re: [Simple-evcorr-users] From start specific file Jaren Peich
  • Re: [Simple-evcorr-users] From start specific file Risto Vaarandi
  • Re: [Simple-evcorr-users] From start specific file Jaren Peich
  • Re: [Simple-evcorr-users] From start specific file Risto Vaarandi
• [Simple-evcorr-users] unique login failures Varun
  • Re: [Simple-evcorr-users] unique login failures Risto Vaarandi
• [Simple-evcorr-users] about to use sec to vcenter events Martin Etcheverry
  • Re: [Simple-evcorr-users] about to use sec to vcenter events David Lang
• [Simple-evcorr-users] Auditd EXECVE message correlation Nikolay Srebniuk
• [Simple-evcorr-users] Auditd EXECVE message correlation Nikolay Srebniuk
  • Re: [Simple-evcorr-users] Auditd EXECVE message correlation Risto Vaarandi
  • Re: [Simple-evcorr-users] Auditd EXECVE message correlation Risto Vaarandi
  • Re: [Simple-evcorr-users] Auditd EXECVE message correlation Nikolay Srebniuk

• Earlier messages
• Later messages