I am trying to pitch using OSSEC to our Windows guys for integrity checking primarily, and I have two questions:

1. How well is OSSEC able to handle high-load Windows systems with large amounts of changing files?
2. Is there a way to force ossec-hids to not disable monitoring of filesystem locations that are changing frequently?

I did see this on the Wiki, but it does not answer the questions above:
http://www.ossec.net/wiki/index.php/High_CPU_usage_on_Windows_agent

Any information would be helpful.

Thanks

Joshua Gimer