Oh so I probably missed something : OK for the rule but how do I setup a response on all agents at the same time ? Actually an active response block only on one host at a time.
Le mercredi 2 octobre 2013 15:05:14 UTC+2, dan (ddpbsd) a écrit : > > Yes. Write a rule looking for authentication failures from the same > ip, and setup active response to block on all agents. > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/groups/opt_out. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
