Hi All,
We are very new to the OSSEC environment. After scanning the archives, I couldn't find how people are administering several instances of OSSEC in their environment. For example, if you had 50-100 systems monitored/protected by OSSEC agents, how do you configure the OSSEC server to push 1 policy/configuration to 50-100 agents? Or how do you make changes to a policy on the server that would modify the configurations for a group of agents, but not all of the agents? It seems the relationship is 1:1 (you have to push changes to each agent individually), but being new to OSSEC, I'm sure I'm missing something.

Also, are there signatures that get updated? If so, how often do they get updated and do they have to be applied individually?

TIA
