Hello All, I reviewed some of the OSSEC alerts that I am getting about integrity checksums as well as new file alerts and noticed that the dates on the files were from a couple years ago (for new file alerts. the integrity checksum one was a little less than a month ago). Is there any reason that it would be doing this? I am using realtime="yes", so I would assume that if I received an alert it was because the integrity checksum was changed sometime today, or if a new file was added it would have the date created/modified as of today.
Any thoughts? Thanks in advance.
