On 30.10.2012 09:08, [email protected] wrote:
Hello ossec experts,

1. I have installed ossec-hids-2.6-16.el5 and a few days ago I started
to write some rules to better match our network, and today I
realized that for w2k8 ... predefined rules and also actual ossec
decoders are not working ...

Where can I find rules to work with Windows 2008 server, or how can I
have correctly decoded alerts for the Windows 2008 OS? I don't want to
reinvent the wheel and write all the rules for this OS ... How have other
people solved this problem?

We probably need to look at the decoder first and see if it needs updating. I don't believe anyone has worked that much on the Win2k8 decoder and rules.
