Re: [ossec-list] Re: Rule 510 is triggering events but logtest is not showing any rules that should be triggered

On Thu, May 18, 2017 at 4:51 PM, Gert Verhoog wrote: > Hi Jesus, > > I'm having the same problem, and the triggering of this rule causes so much > noise that it's drowning out other alerts. I have added a rule like you > suggested to my local rules: > > > 510 >

Re: [ossec-list] mariadb monitoring?

On Thu, May 18, 2017 at 3:50 PM, Pedro Sanchez wrote: > Hi, > > I did not find any MariaDB decoders/rules, it could be interesting to create > them. Feel free to paste here some log samples so we can take a look and > maybe guide you a little bit to create them. > The OSSEC

Re: [ossec-list] Using OSSEC HIDS to spot rogue software

On Thu, May 18, 2017 at 3:47 PM, Pedro Sanchez wrote: > Yes, it does. > Rootcheck works for Linux as well, we have different rootcheck policies: > https://github.com/wazuh/wazuh-ruleset/tree/master/rootchecks > OSSEC has rootcheck as well. > Cheers, > Pedro. > > On Wed, May 17,