One of our devs is taking a look at this. When he is done, what is able to 
be shared out to the public (i.e. without our data in it) I'll try to make sure 
it gets out.

On Tuesday, August 25, 2015 at 9:39:46 AM UTC-4, James Siegel wrote:
>
> We would like to be able to make changes to the syscheck database.
>
> Is there an API for this? Has anyone else tried?
>
> We knowingly make changes to hundreds of files at a time in our systems. 
> These cause a flurry of alerts. We do not want to ignore/exclude those 
> portions of our environment. We still want to monitor them.
>
> We would however like to be able to insert into the syscheck DB the 
> current md5sums as the most recent and clear the counters so that it does 
> not alert.
>
> Situation: We have a system that pushes hotfixes out to make approved 
> changes. Currently we get hundreds of alerts.
>
> Proposed fix: During that hotfix process, go in and set the previous and 
> current md5sums on those files to matching values, clear the counter to 0.
>
> Hopefully this would prevent the alert of a "known, approved, good" change 
> on a file.
>
