Is there a way to (in OSSEC v2.3) group servers/agents for alert notification and rule customization/execution? I noticed that I can do it based on event severity, but is it possible to do it based on individual servers, or groups of servers?
I have a centralized OSSEC system with OSSEC agents running on various platforms, and I want to be able to send alerts for specific servers to specific people. Ideally I would also like to be able to customize rules for specific servers, but from the central OSSEC server. I know I can do this by editing the rules on the remote server, but I though I read somewhere that I can do this on the central server as well? Nick
