Hi all, I guess this is more confirmation than anything but...
1) OSSEC agentless basically just includes syscheck - is this correct? So rootcheck is not something that's done, nor log analysis. 2) There is no Windows implementation for OSSEC agentless monitoring...? 3) Is there any major difference in how standard syscheck in local/ agent mode runs compared to in agentless mode? I'm in the process of evaluating whether OSSEC in agentless mode will satisfy FIM-specific requirements of PCI. Obviously, rootcheck would be a really nice [and more secure] thing to have but that's not necessarily a requirement as far as PCI is concerned.
