On Thu, May 18, 2017 at 4:51 PM, Gert Verhoog wrote:
> Hi Jesus,
>
> I'm having the same problem, and the triggering of this rule causes so much
> noise that it's drowning out other alerts. I have added a rule like you
> suggested to my local rules:
>
>
> 510
>
On Thu, May 18, 2017 at 3:50 PM, Pedro Sanchez wrote:
> Hi,
>
> I did not find any MariaDB decoders/rules, it could be interesting to create
> them. Feel free to paste here some log samples so we can take a look and
> maybe guide you a little bit to create them.
>
The OSSEC
On Thu, May 18, 2017 at 3:47 PM, Pedro Sanchez wrote:
> Yes, it does.
> Rootcheck works for Linux as well, we have different rootcheck policies:
> https://github.com/wazuh/wazuh-ruleset/tree/master/rootchecks
>
OSSEC has rootcheck as well.
> Cheers,
> Pedro.
>
> On Wed, May 17,