We would like to be able to make changes to the syscheck database. Is there an api for this? Has anyone else tried?
We knowingly make changes to hundreds of files at a time in our systems. These cause a flurry of alerts. We do not want to ignore/exclude those portions of our environment. We still want to monitor them. We would, however, like to be able to insert into the syscheck DB the current md5sums as the most recent and clear the counters so that it does not alert.

Situation: We have a system that pushes hotfixes out to make approved changes. Currently we get hundreds of alerts.

Proposed fix: During that hotfix process, go in and set the previous and current md5sums on those files to matching values, and clear the counter to 0. Hopefully this would prevent the alert of a "known, approved, good" change on a file.
