You are totally alright, excuse me. OSSEC documentation is really weird, you can find here info about Windows active response:
http://ossec-docs.readthedocs.org/en/latest/manual/ar/ar-windows.html

About the disabled by default, it is specified here: https://github.com/ossec/ossec-hids/blob/master/src/win32/ossec.conf#L133

I think OSSEC uses that file to compile the Windows binary; if you change that line and compile the agent, it will have active-response active by default.

On Monday, February 8, 2016 at 11:44:43 AM UTC+1, dan (ddpbsd) wrote:
> On Feb 8, 2016 5:39 AM, "Pedro S" <[email protected]> wrote:
> > Hi,
> >
> > Active-response is only supported by installations: local and server.
> > Local and server installation only works on Linux so Windows does not have active-response functionality, that's why it is disabled by default on Windows agents.
> >
> > Refer to OSSEC documentation: http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.active-response.html
>
> The documentation is weird, you can use active response on agents as well. It is supported on Windows, but I don't know why it's disabled by default
>
> > Regards,
> >
> > Pedro S.
> >
> > On Thursday, February 4, 2016 at 7:55:42 AM UTC+1, Abdulvehhab Agin wrote:
> >> Hi
> >>
> >> Ossec setup which is prepared Windows install ossec.conf file with active response <disabled>yes</disabled> at default
> >>
> >> However in Linux there is no active response tag which means that it is ready for active response
> >>
> >> Why in Windows installation it is default disabled
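An added example, not part of the thread or of OSSEC itself: a small check that reports whether an agent's ossec.conf carries the `<active-response><disabled>yes</disabled>` setting discussed above. The sample configs are constructed, the function name is hypothetical, and treating any "yes" as disabled is this example's own choice.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the Windows agent default described in the
# thread; it is not the shipped src/win32/ossec.conf.
WINDOWS_SAMPLE = """
<!-- constructed sample -->
<ossec_config>
  <rootcheck>
    <disabled>no</disabled>
  </rootcheck>
  <active-response>
    <disabled>yes</disabled>
  </active-response>
</ossec_config>
<ossec_config>
  <localfile>
    <location>Security</location>
    <log_format>eventlog</log_format>
  </localfile>
</ossec_config>
"""

# Constructed sample: no active-response tag at all, as reported for Linux.
LINUX_SAMPLE = """
<ossec_config>
  <rootcheck>
    <disabled>yes</disabled>
  </rootcheck>
</ossec_config>
"""

def active_response_state(conf_text):
    """Return 'disabled' or 'enabled' for the given ossec.conf text."""
    # ossec.conf may hold several top-level <ossec_config> blocks, which is
    # not well-formed XML on its own, so wrap it in a synthetic root first.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    # Only <disabled> directly under <active-response> counts; other
    # sections such as <rootcheck> have their own <disabled> option.
    flags = [(el.text or "").strip().lower()
             for el in root.findall("./ossec_config/active-response/disabled")]
    # Assumption of this example: any block saying "yes" means disabled;
    # no tag at all means active response is left enabled.
    return "disabled" if "yes" in flags else "enabled"

if __name__ == "__main__":
    for name, text in (("windows", WINDOWS_SAMPLE), ("linux", LINUX_SAMPLE)):
        print(name, active_response_state(text))
```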
