Hi everyone, I want to alert when these two rule triggered. One rule sid is enough but it works like "OR" I want to use "2502" and "18149" both triggered, then alert for me ?
<rule id="60031" level="3" frequency="1" timeframe="60"> <if_matched_sid>2502</if_matched_sid> <if_matched_sid>18149</if_matched_sid> <description>Test Rule 1</description> </rule> Can I do something like that? -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
