Hi Rob,

I'm not sure, but you can increase the level to 1 and:

set the attribute noalert <https://github.com/wazuh/wazuh-ruleset/blob/master/rules/0035-spamd_rules.xml#L11>:

<rule id="?" level="1" noalert="1">

or use the options no_log <https://github.com/wazuh/wazuh-ruleset/blob/master/rules/0060-firewall_rules.xml#L21>:

<options>no_log</options>

Let me know if it works.

Regards.



On Friday, April 14, 2017 at 12:05:08 AM UTC+2, dan (ddpbsd) wrote:
>
> On Wed, Apr 12, 2017 at 1:40 PM, Rob Williams <tsinfo...@gmail.com> wrote:
> > Essentially, I want to trigger an active response for a rule that I created
> > that has a severity level of 0. I created this rule because I did not want
> > to be alerted on the default rule and only wanted to be alerted based on the
> > output from my active response. My question is if I have the severity level
> > of 0, will it just be completely ignored without the active response even
> > triggering? I ask because I'm having trouble setting it up properly and want
> > to rule out if this is the cause. Thank you for your help in advance.
> >
>
> I think it will be ignored, but I've never tried it. You could try
> bumping the level to 1 to see if that fixes the issue.
>
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to ossec-list+...@googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.
>
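
A check for the setup discussed in this thread, as an added example that is not part of the original messages or of the OSSEC/Wazuh code: it lists every rule ID named in an `<active-response>` block and reports whether that rule is at level 0 or is silenced with `noalert` or `no_log`. It assumes, as the replies suggest, that a level 0 rule is ignored; the rule IDs, match text and command name are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: rule IDs, match text and command name are hypothetical.
RULES_XML = """
<group name="local,">
  <rule id="100100" level="0"><match>sample event</match></rule>
  <rule id="100101" level="1" noalert="1"><match>sample event</match></rule>
  <rule id="100102" level="1">
    <match>sample event</match>
    <options>no_log</options>
  </rule>
</group>
"""
OSSEC_CONF = """
<ossec_config>
  <active-response>
    <command>sample-script</command>
    <location>local</location>
    <rules_id>100100, 100101, 100102, 100199</rules_id>
  </active-response>
</ossec_config>
"""

def parse_fragment(text):
    # OSSEC files may hold several top-level elements, so wrap them in one root.
    return ET.fromstring("<root>" + text + "</root>")

def audit(rules_xml, conf_xml):
    """Map each rule ID named in an <active-response> block to a finding."""
    rules = {r.get("id"): r for r in parse_fragment(rules_xml).iter("rule")}
    findings = {}
    for ar in parse_fragment(conf_xml).iter("active-response"):
        ids = (s.strip() for s in (ar.findtext("rules_id") or "").split(","))
        for rid in filter(None, ids):
            rule = rules.get(rid)
            if rule is None:
                findings[rid] = "undefined"
            elif int(rule.get("level", "0")) == 0:
                # Assumption taken from the thread: a level 0 rule is ignored.
                findings[rid] = "level 0"
            elif rule.get("noalert") == "1":
                findings[rid] = "noalert"
            elif any((o.text or "").strip() == "no_log" for o in rule.iter("options")):
                findings[rid] = "no_log"
            else:
                findings[rid] = "alerts"
    return findings

if __name__ == "__main__":
    for rid, finding in audit(RULES_XML, OSSEC_CONF).items():
        print(rid, finding)
```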
