Hi Shawn We have done in our environment, but we have customised only a few alerts which we feel were critical and to be monitored at EnVision. This depends on 1) The alerts critical for your setup 2) Devices, applications and OS part of your setup. Since based on this alerts would be different and they needed to be parsed differently.
Regards Gagan On Mar 2, 4:08 am, "Jefferson, Shawn" <[email protected]> wrote: > Hi, > > Just getting started with OSSEC. Does anyone have an XML device file to > integrate with RSA Envision that they wouldn't mind sharing? > > -- > Thanks! > Shawn Jefferson > [email protected]
