I'm experimenting with setting up active response on the agent, controlled entirely by the server.
What exactly do I need to put in the ossec.conf on the agent in this case? I've copied the script over to the active-responses/bin folder, but do I need to add anything to the ossec.conf? I'm assuming active response is supposed to be set as "<disabled>no</disabled>" - how exactly does this work with remote agents?

Thanks,
Jeremy
