On Tue, Aug 25, 2015 at 9:33 AM, James Siegel <[email protected]> wrote:
> We would like to be able to make changes to the syscheck database.
>
> Is there an API for this? Has anyone else tried?
>
> We knowingly make changes to hundreds of files at a time in our systems.
> These cause a flurry of alerts. We do not want to ignore/exclude those
> portions of our environment. We still want to monitor them.
>
> We would however like to be able to insert into the syscheck DB the current
> md5sums as the most recent and clear the counters so that it does not alert.
>
> Situation: We have a system that pushes hotfixes out to make approved
> changes. Currently we get hundreds of alerts.
>
> Proposed fix: During that hotfix process, go in and set the previous and
> current md5sums on those files to matching values, clear the counter to 0.
>
> Hopefully this would prevent the alert of a "known, approved, good" change
> on a file.
>

We don't have anything to support that, but it's a text file, so it should be easyish to parse.

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
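One way to do what the reply suggests, as an added example that is not OSSEC's own code and not from either poster: a small Python script that parses the server-side syscheck database and records an approved checksum as the new baseline for a file, resetting its change counter. The line layout it assumes (a three-character change-counter prefix, then `size:perm:uid:gid:md5:sha1`, then ` !epoch path`, with superseded lines commented out by a leading `#`) is taken from my reading of the OSSEC 2.x analysisd syscheck decoder and should be checked against a live entry in your own database file before use; the sample entries, the `/etc/hosts` and `/etc/passwd` paths and all function names are constructed for the example.

```python
"""Parse an OSSEC server-side syscheck database and approve a known change.

Added example, not OSSEC code. Assumed line layout (verify against a real file):

    <flags><size>:<perm>:<uid>:<gid>:<md5>:<sha1> !<epoch> <path>

<flags> is three characters: "+++" for a first-seen entry, then "!++", "!!+",
"!!!" and "!!?" as the change counter climbs (1, 2, 3, more). When a change is
recorded the old line is commented out with '#' and a new one appended.
"""
import hashlib
import os
import re
import time
from dataclasses import dataclass
from typing import Dict, Optional

ENTRY_RE = re.compile(r"^(?P<flags>[+!?]{3})(?P<csum>\S+) !(?P<ts>\d+) (?P<path>.+)$")


@dataclass
class Entry:
    flags: str   # three-character change-counter prefix
    csum: str    # "size:perm:uid:gid:md5:sha1" as reported by the agent
    ts: int      # epoch seconds when the line was written
    path: str    # monitored path on the agent

    @property
    def change_count(self) -> int:
        """Prior changes encoded in the prefix: 0..3, or 4 meaning 'more than three'."""
        f = self.flags
        if f[0] != "!":
            return 0
        if f[1] != "!":
            return 1
        if f[2] == "!":
            return 3
        if f[2] == "?":
            return 4
        return 2

    @property
    def md5(self) -> str:
        return self.csum.split(":")[4]


def parse_entry(line: str) -> Optional[Entry]:
    """Return the Entry for an active line; None for blank, commented or unparseable lines."""
    line = line.rstrip("\n")
    if not line or line.startswith("#"):
        return None
    m = ENTRY_RE.match(line)
    return Entry(m["flags"], m["csum"], int(m["ts"]), m["path"]) if m else None


def active_entries(text: str) -> Dict[str, Entry]:
    """Map each path to its current (uncommented) entry; a later line for a path wins."""
    out: Dict[str, Entry] = {}
    for line in text.splitlines():
        e = parse_entry(line)
        if e:
            out[e.path] = e
    return out


def approve_change(text: str, path: str, new_csum: str, now: Optional[int] = None) -> str:
    """Record new_csum as the accepted baseline for path and reset its counter to 0.

    Does what the decoder does on a change (comment out the old line, append a
    new one) except the new line gets the first-seen prefix "+++", so the next
    report of new_csum matches silently. The old line is kept as a comment so
    the approval remains visible to a later review.
    """
    now = int(time.time()) if now is None else now
    lines = text.splitlines()
    for i, line in enumerate(lines):
        e = parse_entry(line)
        if e and e.path == path:
            lines[i] = "#" + line
    lines.append(f"+++{new_csum} !{now} {path}")
    return "\n".join(lines) + "\n"


def build_csum(data: bytes, mode: int, uid: int, gid: int) -> str:
    """Checksum string in the assumed agent field order (st_mode in decimal)."""
    return (f"{len(data)}:{mode}:{uid}:{gid}:"
            f"{hashlib.md5(data).hexdigest()}:{hashlib.sha1(data).hexdigest()}")


def compute_csum(local_path: str) -> str:
    """Checksum string for a file on the agent host, after the hotfix has landed."""
    st = os.stat(local_path)
    with open(local_path, "rb") as fh:
        return build_csum(fh.read(), st.st_mode, st.st_uid, st.st_gid)


# Constructed sample database: /etc/hosts has changed once (prefix "!++") and its
# first-seen line is already commented out; /etc/passwd is still at first-seen.
SAMPLE_DB = (
    "#+++1:33188:0:0:0cc175b9c0f1b6a831c399e269772661:86f7e437faa5a7fce15d1ddcb9eaeaea377667b8 !1440000000 /etc/hosts\n"
    "!++1:33188:0:0:92eb5ffee6ae2fec3ad71c777531578f:e9d71f5ee7c92d6dc9e92ffdad17b8bd49418f98 !1440001000 /etc/hosts\n"
    "+++1:33188:0:0:4a8a08f09d37b73795649038408b5f33:84a516841ba77a5b4648de2cd0dfcb30ea46dbb4 !1440000000 /etc/passwd\n"
)

if __name__ == "__main__":
    for p, e in active_entries(SAMPLE_DB).items():
        print(f"{p}: md5={e.md5} changes={e.change_count}")
    print(approve_change(SAMPLE_DB, "/etc/hosts", build_csum(b"c", 33188, 0, 0), now=1440002000))
```

Two practical points when running this against a real server: ossec-analysisd holds and rewrites the database while it runs, so edit a copy with the daemon stopped (or swap the file in atomically) rather than writing into the live file; and the checksum you approve must be byte-for-byte what the agent will report on its next scan, so compute it on the agent host after the hotfix has finished, not from the package manifest. Keeping the commented-out history, as the script does, lets a later review tell an approved hotfix apart from an unexplained change to the same file.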
