Hey Everyone,

Huge fan of OSSEC, just got my first implementation up and operational. I 
have a few rules that I want to write, just for testing's sake.

What we are looking to do, is to write two separate rules that achieve 
similar results, and more specifically we want to know when any change is 
created to the registry, or when any file is created/deleted on the host.

I was looking at what is being monitored currently, and wondering if I put 
a rule in place that says notify me when "HKLM\System" changes, ALERT.

Is this possible?

I know it seems like a lot of information that would be rolling in, but we 
are just trying to see all of what we can do with OSSEC.

Please let me know if you can assist.

V/R,

Justin
