I'm wondering what everyone's favorite rules are. I'm trying to come up with some new rules to tighten security, so I would like to hear (and see code snippets of) folks' favorites, and what they are designed to detect, i.e. detect commands run, look for certain IOCs and so on. I'm impressed with how much OSSEC does out of the box too!
Thanks!