Hi Dan,

I talked to my client and he told me that the machine generating the alert "Rule: 18152 fired (level 10)" is an AD and everyone is logging in to it, so it will generate many alerts depending on the number of people who must log in there. I noticed that I receive emails for rule 1002 in the same proportion as rule 18152. Could they be related? Can I add a rule like this to ignore rule 18152 on the AD?

    <rule id="100xxx" level="0">
      <if_sid>18152</if_sid>
      <hostname>SSP001001-006</hostname>
      <options>no_email_alert</options>
      <description>ignores multiple login errors</description>
    </rule>

Do I need a decoder?
