On 8/23/12 10:49 AM, Michael Starks wrote:
<rule id="4386" level="10" frequency="8" timeframe="240">
  <if_matched_sid>4334</if_matched_sid>
  <description>Multiple AAA (VPN) authentication failures.</description>
  <group>authentication_failures,</group>
</rule>
Thanks for your answer, but I would like to
Hi,
I am new to OSSEC. I would like to write a rule that will check for
occurrences when a rule is fired and, if it is fired at a certain rate,
do something.
A scenario: I would like to write a rule that monitors all alerts, and if
I find more than 5 identical alerts from the same machine,