Hi group - OSSEC is used in our environment mainly for File Integrity Monitoring. We've installed OSSEC locally on each server and the logs are sent to a centralized logging solution.
Is there a way that OSSEC can alert when a file is moved or copied in/ from a particular directory? Currently we are only getting the 1st, 2nd, 3rd checksum changed alerts as well as file deletes. I'd like to get an alert on new files also but haven't figured out how. Any ideas or tips will be greatly appreciated.. Thanks!
