rafael.gomes wrote:
> Guys,
>
> What is the purpose of that BAD_WORDS?
>
> In my case I always get false positives for this rule (number 1002).
>
> IMO we should remove this rule from OSSEC. What do you think?
>
I have found this rule to be pretty useful. It has alerted me to non-security production issues, but also security events from logs which don't have a decoder. I would definitely vote to keep it.

--
Michael Starks
[I] Immutable Security
http://www.immutablesecurity.com
