Preface - I'm new to OSSEC. So be gentle with me, please. A little background: I've been reviewing my environment's alert emails, and have two spreadsheets going. One is anomalies that I report to our application and systems leads for them to investigate, and the other one, which is getting completely out of hand, is logging checksum changes. I was asked to do this, probably because someone doesn't like me.
Has anyone done any work with aggregating the data received from the alert emails generated? Basically, on the checksums front, I have said spreadsheet indicating how many times specific checksums are changed. This is very manual and tedious, but we plan on writing rules for specific checksums. I've been playing around with Outlook and Excel, trying to get them to export the data to a spreadsheet that I can manipulate, but I can't seem to get it in a readable format that is even remotely usable. I'm wondering if anyone has done something similar, or has another approach for how you manage checksum changes. Thanks in advance.
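As an added example (not part of the original post and not OSSEC's own tooling), the tally described above can be built from a plain-text export of the alert mails instead of by hand. The script below splits concatenated OSSEC notification mails on their `--END OF NOTIFICATION` trailer, pulls the agent, rule number and affected path out of each syscheck alert, counts alerts per (agent, path, rule), and writes the result as CSV that Excel opens directly. It assumes the mails keep OSSEC's standard notification layout (the `Received From:`, `Rule: ... fired` and `Portion of the log(s):` lines); the sample alerts embedded in it are constructed. It goes slightly beyond the question by also counting file-added and file-deleted alerts (rules 554 and 553), not only rule 550 checksum changes, which is useful when deciding which paths deserve their own local rules.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample: four OSSEC notification mails concatenated into one text
# blob, in the layout OSSEC uses for its e-mail alerts (assumption: an export
# from the mail client keeps this layout).
SAMPLE_ALERTS = """OSSEC HIDS Notification.
2013 Jan 10 12:34:56

Received From: (web01) 10.0.0.5->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/etc/passwd'
Old md5sum was: 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
New md5sum is : 'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'

 --END OF NOTIFICATION

OSSEC HIDS Notification.
2013 Jan 10 13:00:01

Received From: (web01) 10.0.0.5->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/etc/hosts'

 --END OF NOTIFICATION

OSSEC HIDS Notification.
2013 Jan 11 02:15:40

Received From: (web01) 10.0.0.5->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/etc/passwd'

 --END OF NOTIFICATION

OSSEC HIDS Notification.
2013 Jan 11 03:05:12

Received From: (db01) 10.0.0.9->syscheck
Rule: 554 fired (level 5) -> "File added to the system."
Portion of the log(s):

New file '/tmp/newscript.sh' added to the file system.

 --END OF NOTIFICATION
"""

# Agent-originated alerts read "(agent) ip->syscheck"; alerts from the OSSEC
# server itself read "hostname->syscheck", so the parenthesised part is optional.
HEADER_RE = re.compile(
    r"Received From: (?:\((?P<agent>[^)]*)\) )?(?P<source>\S+?)->syscheck.*?\n"
    r"Rule: (?P<rule>\d+) fired \(level (?P<level>\d+)\) -> \"(?P<desc>[^\"]*)\"",
    re.S,
)
# The syscheck message names the affected file as the first single-quoted
# absolute path after "Portion of the log(s):" (true for rules 550, 553, 554).
PATH_RE = re.compile(r"Portion of the log\(s\):.*?'(?P<path>/[^']*)'", re.S)


def parse_alerts(text):
    """Split concatenated OSSEC mail alerts into one dict per syscheck alert."""
    alerts = []
    for chunk in text.split("--END OF NOTIFICATION"):
        head = HEADER_RE.search(chunk)
        path = PATH_RE.search(chunk)
        if not head or not path:
            continue  # not a syscheck alert, or a layout we do not recognise
        alerts.append({
            "agent": head.group("agent") or head.group("source"),
            "source": head.group("source"),
            "rule": int(head.group("rule")),
            "level": int(head.group("level")),
            "desc": head.group("desc"),
            "path": path.group("path"),
        })
    return alerts


def count_changes(alerts):
    """Tally alerts per (agent, path, rule): the count kept by hand in the spreadsheet."""
    return Counter((a["agent"], a["path"], a["rule"]) for a in alerts)


def to_csv(counts):
    """Render the tally as CSV text, most frequently changing paths first."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["agent", "path", "rule", "count"])
    for (agent, path, rule), n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        writer.writerow([agent, path, rule, n])
    return buf.getvalue()


if __name__ == "__main__":
    # Replace SAMPLE_ALERTS with open("alerts.txt").read() for a real export.
    print(to_csv(count_changes(parse_alerts(SAMPLE_ALERTS))))
```

Paths that show up at the top of the CSV every week with expected changes (log rotation, package updates) are the candidates for a local rule that lowers their level or ignores them in syscheck; a path that appears once, unexpectedly, is the one worth handing to the systems leads.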
