Hi James, review the alerts related with packages, and create a rule to ignore the events that you do not need.
Regards. On Wednesday, September 28, 2016 at 5:40:34 PM UTC+2, James Vernon wrote: > > As the title sais, is there a defined best practice for this? > > If unattended upgrades runs and upgrades any packages, ossec spams emails > about changed files (as expected). Is there a tried and true method to make > ossec aware that the packages were updated via unattended upgrades so it > doesn't generate alerts or something similar outside of ossec (I > acknowledge that this can be abused, but I would like to see if its > possible)? I'm quite new to this software so you will have to forgive me. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
