Hi Rob,

I'm not sure, but you can increase the level to 1 and:

- set the attribute noalert <https://github.com/wazuh/wazuh-ruleset/blob/master/rules/0035-spamd_rules.xml#L11>: <rule id="?" level="1" noalert="1">
- or use the options no_log <https://github.com/wazuh/wazuh-ruleset/blob/master/rules/0060-firewall_rules.xml#L21>: <options>no_log</options>

Let me know if it works.

Regards.

On Friday, April 14, 2017 at 12:05:08 AM UTC+2, dan (ddpbsd) wrote:
> On Wed, Apr 12, 2017 at 1:40 PM, Rob Williams <tsinfo...@gmail.com> wrote:
> > Essentially, I want to trigger an active response for a rule that I created
> > that has a severity level of 0. I created this rule because I did not want
> > to be alerted on the default rule and only wanted to be alerted based on the
> > output from my active response. My question is if I have the severity level
> > of 0, will it just be completely ignored without the active response even
> > triggering? I ask because I'm having trouble setting it up properly and want
> > to rule out if this is the cause. Thank you for your help in advance.
>
> I think it will be ignored, but I've never tried it. You could try
> bumping the level to 1 to see if that fixes the issue.
>
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to ossec-list+...@googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.