Hello,

We are using OSSEC for a PoC and we want to show only some alerts initially and expand the alert list. We are using OSSEC 2.6 with mixed Windows and Linux agents: 1 manager and several agents, and Splunk on the manager server to show the alerts.

For now we want to show only failed and successful logins and file integrity alerts. How can we achieve this? => Manually going through all rules/xml files and setting all xml entries to 0 accordingly, or anything else? (0 meaning disabled and don't show.) Or is there an easier way of achieving this?

Kind regards,
Michiel
