Re: [ossec-list] Potential Bug: Windows Security Event ID 5140 incorrectly parsed by OSSEC.

2017-02-21 Thread InfoSec
The field names. Instead of what is being collected, 2017 Feb 21 13:33:23 WinEvtLog: Security: AUDIT_SUCCESS(4627): Microsoft-Windows-Security-Auditing: (no user): no domain: Hostname: S-1-5-18 HOSTNAME$ DOMAIN 0x3e7 S-1-5-21-XX-XX-XX- Username HOSTNAME 0x22d8dd8

Re: [ossec-list] Re: Windows override Audit Events. Decoder

2017-02-21 Thread dan (ddp)
On Mon, Feb 20, 2017 at 6:08 AM, Casimiro wrote: > Version 2.8 > > Events: > > WinEvtLog: Security: AUDIT_FAILURE(5152): > Microsoft-Windows-Security-Auditing: no domain: WKUSR01.cm.shr: The Windows > Filtering Platform blocked a packet. Application Information: Process ID: 0

Re: [ossec-list] Potential Bug: Windows Security Event ID 5140 incorrectly parsed by OSSEC.

2017-02-21 Thread dan (ddp)
On Mon, Feb 20, 2017 at 6:09 AM, InfoSec wrote: > The event is from a Windows 10 system. > > I have turned on logall. I am having a hard time regenerating event ID 5140, > however I have spotted several other event types where the xml field labels > are NOT logged up by

Re: [ossec-list] Unable to establish mail communication

2017-02-21 Thread dan (ddp)
On Feb 21, 2017 9:05 AM, wrote: Hi , I am unable to receive emails triggered on events to the specified email-id. Could anyone please help me on this . Sure. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group.

[ossec-list] Unable to establish mail communication

2017-02-21 Thread trivedi . n
Hi, I am unable to receive emails triggered on events to the specified email-id. Could anyone please help me on this.

Re: [ossec-list] Potential Bug: Windows Security Event ID 5140 incorrectly parsed by OSSEC.

2017-02-21 Thread InfoSec
Here's another event missing field names: Event ID 4627 which lists the group membership of a user when he logs on is missing field names. 2017 Feb 21 13:33:23 WinEvtLog: Security: AUDIT_SUCCESS(4627): Microsoft-Windows-Security-Auditing: (no user): no domain: Hostname: S-1-5-18 HOSTNAME$