Quoting "dan (ddp)" <[email protected]>:
> On Tue, Oct 30, 2012 at 10:08 AM, <[email protected]> wrote:
> > Hello ossec experts,
> >
> > 1. I have installed ossec-hids-2.6-16.el5 and a few days ago, I started to
> > write some rules to better match our network and today, realized that
> > for w2k8 ... predefined rules and also actual ossec decoders are not working
> > ...
> > Where can I find rules to work with Windows 2008 server or how can I have
> > correctly decoded alerts for Windows 2008 OS? I don't want to reinvent the
> > wheel and write all rules for this OS ... How have other people solved this
> > problem?
>
> Have you tried any of the 2.7 betas or the latest development code?
> That would be where you'd want to start.

I am using ossec in production and there is no documentation telling me
that I can use 2.7beta rules inside 2.6 code.
Are you suggesting installing the entire 2.7beta ossec software or just
the rules found inside 2.7beta?

Regards,
Alx