On Thu, Nov 1, 2012 at 7:16 AM, <[email protected]> wrote:
> Quoting "dan (ddp)" <[email protected]>:
>
>> On Tue, Oct 30, 2012 at 10:08 AM, <[email protected]> wrote:
>>>
>>> Hello ossec experts,
>>>
>>> 1. I have installed ossec-hids-2.6-16.el5 and a few days ago, I started to
>>> write some rules to better match with our network and today, realized that
>>> for w2k8 ... predefined rules and also actual ossec decoders are not working
>>> ...
>>>
>>> Where can I find rules to work with Windows 2008 server or how can I have
>>> correct decoded alerts for Windows 2008 OS? I don't want to reinvent the
>>> wheel and write all rules for this OS ... How have other people solved this
>>> problem?
>>>
>>
>> Have you tried any of the 2.7 betas or the latest development code?
>> That would be where you'd want to start.
>
>
> I am using ossec in production and there is no documentation telling me that
> I can use 2.7betas rules inside 2.6 code.
>
> Are you suggesting to install entire 2.7beta ossec software or just rules
> found inside 2.7beta?
>
Install 2.7. You can try using the 2.7 rules with 2.6, but I have no idea if it will work. I haven't tried it, and I don't plan on it. I haven't used vanilla 2.6 since it was released.

>
> Regards,
> Alx
