Hi Kevin
A silly question
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On June 2, 2016 at 22:45:01, Kevin Branch (
ke...@branchnetconsulting.com) wrote:
I am running an OSSEC 2.8.3 server and a Windows computer with OSSEC 2.8.3
agent.
The rule simply
Thanks for helping me along. My mistake was I was shoving this into
ossec-logtest, log record prefix data and all
2016 Jun 02 21:58:38 (XYZ-O9020) 192.168.15.0->WinEvtLog 2016 Jun 02
17:58:36 WinEvtLog: Application: INFORMATION(1): chromoting: (no user): no
domain: XYZ-O9020: Client
On Thu, Jun 2, 2016 at 10:42 PM, Kevin Branch
wrote:
> I am running an OSSEC 2.8.3 server and a Windows computer with OSSEC 2.8.3
> agent.
>
> The rule simply alerts on Chrome Remote Desktop events.
>
> It uses this custom decoder:
>
>
> : chromoting:
I am running an OSSEC 2.8.3 server and a Windows computer with OSSEC 2.8.3
agent.
The rule simply alerts on Chrome Remote Desktop events.
It uses this custom decoder:
: chromoting: \.*chromoting
The rule is:
chromoting
Chrome Remote Desktop event - generic
My test event is: