Hi. We recently experienced a mass phishing attack, and I wondered if this was something that could be detected using OSSEC. I know that I can trigger an alert based off a number of events occurring within an allotted time period, but can this be "grouped" somehow? For example, 100 emails with the same subject and sender received in 30 minutes. Is this possible in the rules?
Thanks.
