On Feb 8, 2016 5:39 AM, "Pedro S" <[email protected]> wrote: > > Hi, > > Active-response is only supported by installations: local and server. > Local and server installation only works on Linux so Windows does not have active-response functionality, that's why it is disabled by default on Windows agents. > > Refer to OSSEC documentation: http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.active-response.html >
The documentation is weird, you can use active reponse on agents as well. It is supported on Windows, but I don't know why it's disabled by default > Regards, > > Pedro S. > > > On Thursday, February 4, 2016 at 7:55:42 AM UTC+1, Abdulvehhab Agin wrote: >> >> Hi >> >> Ossec setup which is prepared Windows install ossec.conf file with active response <disabled>yes</disabled> at Default >> >> However in linux there is no active response tag which means that it is ready for active response >> >> >> Why in windows installation it is default disabled > > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
