Hi everybody,

I just started using OSSEC and distributed it on seven Windows systems (agents) + 1 Linux / Ubuntu (as the server). I am using version 2.7. My Google skills failed me, so I am going to ask my question here:

Is there a way to search the whole drive of an agent system for a filename or an MD5 hash? [Windows]

So I do know the filename / hash, but the file is in a different folder every time. Until now I was unable to use the "ossec-rootcheck" functionality. Maybe I just don't understand how it has to be configured :(

I would be very thankful for every hint / tip that'll lead me in the right direction.

Thank you very much in advance.

Best regards,
Stefan
