On Tue, Jun 3, 2014 at 12:27 PM, dan (ddp) <[email protected]> wrote: > On Tue, Jun 3, 2014 at 11:57 AM, Nguyễn Văn Hớn <[email protected]> wrote: >> Hi every body. i have to make with link >> http://blog.rootshell.be/2010/03/15/detecting-usb-storage-usage-with-ossec/ >> but it is not running. > > What is not running? Did you restart the OSSEC processes after making > these changes on the manager? Were the changes pushed to the agents > you're monitoring? Is that registry entry !0? What version of Windows? > Are you sure the rootcheck stuff is running? > >> and link >> http://ossec-docs.readthedocs.org/en/latest/manual/monitoring/process-monitoring.html >> but is not running. >> > > Which part is not running? There are multiple entries on that page, > which one are you trying? What happens? > >> i want to create active response when ossec detected USB then active respone >> running cmd( script deny USB that)
Missed this in my initial response. What's stopping you from doing this? >> Please help me. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
