On Wed, Aug 22, 2012 at 6:05 PM, Kevin Huang <[email protected]> wrote:
> Hi,
>
> I am new to OSSEC. I would like to write a rule that will check for an
> occurrence when a rule is fired and, if it is fired at a certain rate,
> do something.
>
> A scenario: I would like to write a rule that monitors all alerts and, if
> I find more than 5 identical alerts from the same machine, then raise
> the alert level and silence the corresponding rule for 1 hour.
>
> Is this possible?
>
> Thanks!
>
> -KH

Not really. I think there was a similar thread on this recently.
