Hi all,

I'm testing the OSSEC agent for a set of Windows servers, and I'm wondering how strong the default configuration is for OSSEC. That is, if a server was compromised and something like the terminal server exe was modified, would OSSEC be able to tell me this, or do I need to identify which system exe/dll/sys/bat/whatever files should be monitored?
If it's the latter, why aren't those files in the default config file *anyway*?

Matthew.
