Hi Daniel:
Awesome.
Thank you.
I have been experimenting with an active-response script that runs a
script on my firewall control host to block access to my entire network
for a machine that triggers a response. I have not deployed yet because I
haven't had time to overcome the issue that my firewall control host is
running
Hi Peter,
It is currently possible to do what you want. Inside the
active-response configuration there is a location
option where you specify where to execute the response...
It can be:
* local: on the agent that generated the event,
* server: on the OSSEC server,
* defined-agent:
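
The setup discussed in this thread, as an added example that is not part of the original messages: an `ossec.conf` fragment on the OSSEC server that runs a blocking script on one specific agent (the firewall control host) instead of on the agent that generated the event. The script name `fw-block.sh`, the command name `fw-block`, the agent ID `002`, and the level and timeout values are assumptions chosen for illustration.

```xml
<!-- Added example. Names, IDs and thresholds are hypothetical. -->

<!-- Define the command. The executable must exist in the
     active-response/bin directory of the host that runs it. -->
<command>
  <name>fw-block</name>
  <executable>fw-block.sh</executable>
  <!-- Pass the source IP of the triggering event to the script. -->
  <expect>srcip</expect>
  <!-- Allow the block to be reverted after the timeout below. -->
  <timeout_allowed>yes</timeout_allowed>
</command>

<!-- Bind the command to alerts and choose where it executes. -->
<active-response>
  <command>fw-block</command>
  <!-- local: on the agent that generated the event
       server: on the OSSEC server
       defined-agent: on the agent named by agent_id -->
  <location>defined-agent</location>
  <!-- Assumed ID of the firewall control host's agent. -->
  <agent_id>002</agent_id>
  <!-- Fire only for alerts at or above this level. -->
  <level>10</level>
  <!-- Seconds before the script is called again to undo the block. -->
  <timeout>600</timeout>
</active-response>
```

This requires the firewall control host to run an OSSEC agent registered with the server, since `defined-agent` delivers the command to an agent by its ID.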