Hi Everyone, I am currently setting up OSSEC due to a PCI requirement. Most of everything is now fully set up, but now I have a question.

How do I handle alerts generated by the system? I mean, as per PCI my understanding is that we must "prove" that for each alert generated, we have a way of proving that this was corrected, either saying that it was a false alarm, or that the issue is minor and does not affect security. I was thinking of sending email alerts to a specific queue in our ticketing system and once a day reviewing the generated tickets and closing them with comments to keep track of the action taken on each generated alert.

Any suggestion/comment would be appreciated. Thanx!

-Luc
