Thanks for the reply Dan,
I understand that line in the default rules. What I don't understand is
how Sev 7 is (according to the doc I linked to above):
07 - “Bad word” matching. They include words like “bad”, “error”, etc.
These events are most of the time unclassified and may have some
Cool. That's what I was looking for. I think I'm just going to remove my
labeling from the sev levels in my dashboards. It might be useful to have
a note on that page advising that these labels may not always be true today.
Thanks.
Daniel
On 18 June 2015 at 09:39, dan (ddp) ddp...@gmail.com
On Jun 17, 2015 7:26 PM, Daniel X dan...@ritualmedia.co.nz wrote:
Thanks for the reply Dan,
I understand that line in the default rules. What I don't understand is
how Sev 7 is (according to the doc I linked to above):
07 - “Bad word” matching. They include words like “bad”, “error”, etc.
On Wed, Jun 10, 2015 at 2:15 AM, Daniel X dan...@ritualmedia.co.nz wrote:
Hi OSSECers,
I've recently been working with Splunk dashboarding (using the Splunk for
OSSEC app as a starting point).
One of the features I've expanded is the 'top severities list', where I've
named the severities according to the Rules Classification documentation (