We have deployed OSSEC company-wide to probably 60-80 PCs and servers. Problem is our hourly emails are 4-5 MB, way too much to wade through. The vast majority of the events are Event ID 4656, with a good number of Event ID 4673 too. How do I determine whether or not I can suppress all of these from the alert emails? I don't mean in the technical sense, but the security sense. Might these particular events ever be thrown when there is malicious activity?
Thanks!
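One way to quiet these events without throwing the evidence away, as an added example that is not from the poster or the ossec-list thread: an OSSEC local_rules.xml fragment that drops 4656/4673 below the e-mail threshold (the stock default of 7 is assumed) while still writing them to alerts.log, and re-raises a burst of them from a single host. Rule IDs 100100/100101 are assumed free in the local range, and 18100 (OSSEC's generic parent rule for Windows event log entries) is assumed to be the rule that currently fires; substitute the rule ID shown in your own alerts if a more specific child rule is matching.

```xml
<!-- Added example: local_rules.xml fragment for OSSEC, not from the original post -->
<group name="local,windows,">

  <!-- Assumed: 18100 is the Windows parent rule that currently produces the alerts.
       Level 3 is above the default log_alert_level (1), so the events are still
       written to alerts.log for later review, but below email_alert_level (7),
       so they no longer go out in the hourly mail. -->
  <rule id="100100" level="3">
    <if_sid>18100</if_sid>
    <id>^4656$|^4673$</id>
    <description>Windows object-access (4656) / privilege-use (4673) event, logged but not e-mailed</description>
  </rule>

  <!-- A flood of these from one agent is unusual enough to surface again:
       50 matches of rule 100100 from the same location (agent) within 60 s
       produces a level-8 alert, which does get e-mailed. Thresholds are assumed
       and should be tuned against your own baseline. -->
  <rule id="100101" level="8" frequency="50" timeframe="60">
    <if_matched_sid>100100</if_matched_sid>
    <same_location />
    <description>Burst of Windows 4656/4673 events from a single host</description>
  </rule>

</group>
```

Restart ossec-analysisd after editing, and check alerts.log for a day before trusting the thresholds; the first rule changes only the mail volume, not what is recorded.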
