I have hopefully an easily answered question regarding modifying some of the rules.xml files that come with ossec. I guess my question centers around, what is the best practice for doing something like that? i want to give certain windows eveint ID's higher levels and lower certain other ones. should i just modify the msauth_rules.xml files as required or is there a different best practice?
Thanks Derek -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
