[ossec-list] %AppData% alert on new file creation proper setup

2017-03-25 Thread henry . williamsgroup
Hello fellow googlers,

The GOAL:

For every user on my Windows OSSEC agent, generate OSSEC alert severity 10 when new file added to

C:\Users/*/%AppData%/Local/Temp directory

Where star was supposed to be the wildcard placeholder to instruct OSSEC to mean ANY user

The Attempt & RESULTS:

Re: [ossec-list] %AppData% alert on new file creation proper setup

2017-03-25 Thread dan (ddp)
On Sat, Mar 25, 2017 at 4:54 AM, wrote:
> Hello fellow googlers,
>
> The GOAL:
>
> For every user on my Windows OSSEC agent, generate OSSEC alert severity 10
> when new file added to
>
> C:\Users/*/%AppData%/Local/Temp directory
>
> Where star was supposed to be

Re: [ossec-list] Do I need to create a new decoder for a custom rule?

2017-03-25 Thread dan (ddp)
On Sat, Mar 25, 2017 at 6:32 PM, Justin Redman wrote:
> I'm receiving generic level 2 rule 1002 "Unknown problem somewhere in the
> system" alerts. It is opendkim reporting "bad signature data" in syslog when
> receiving email from some domains. Unfortunately not everyone