Hi everyone, here is my ossec.conf on the server:
firewall-drop
server,all
31152
600
30,60,90,120,150
rule 31152 is:
31103
Multiple SQL injection attempts from same
souce ip.
attack,sql_injection,
After I tried to SQL injection to
Hi Ian,
try this rule:
18105
192.168.1.120
ignore 192.168.1.120.
ossec-logtest:
2017 Jul 02 22:38:47 WinEvtLog: Security: AUDIT_FAILURE(5152): Microsoft-Windows-Security-Auditing: (no user): no domain: leaf-1: The Windows Filtering Platform blocked a packet.
Hi Fredrik,
Do you want to ignore the rule 5501 if it is fired by your script? Is it
not enough with the hostname and the user?
Regards.
On Monday, July 3, 2017 at 12:10:18 PM UTC+2, Fredrik Hilmersson wrote:
>
> Hello,
>
> Let's say I have a script which runs once every half an hour. With a