Hi, Michael. Exchange 2003. I've got the Message Tracking logs. Thanks
On Tuesday, December 17, 2013 5:32:53 PM UTC, Michael Starks wrote: > > On 2013-12-17 10:24, Chris H wrote: > > Hi. We recently experienced a mass phishing attack, and I wondered if > > this was something that could be detected using OSSEC. I know that I > > can trigger an alert based off a number of events occurring within an > > allotted time period, but can this be "grouped" somehow? For example, > > 100 emails with the same subject and sender received in 30 minutes. Is > > this possible in the rules? > > > > Thanks. > > What MTA are you using? > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
