Hi mscrano, yes you can do that, example:
<rule id=“100127” level=“10”> <if_sid>100125</if_sid> <time>6 pm – 8:30 am</time> <description>Login outside business hours.</description> <group>policy_violation</group> </rule> http://ossec-docs.readthedocs.io/en/latest/syntax/head_rules.html#element-time <http://ossec-docs.readthedocs.io/en/latest/syntax/head_rules.html> Regards ----------------------- Jose Luis Ruiz Wazuh Inc. [email protected] On March 29, 2017 at 6:17:37 PM, [email protected] ([email protected]) wrote: Hi Ossec-list, I am wondering if anyone else has run into this issue, I have a cron that runs at the same time every day and it always triggers the promiscuous mode rule (per expected behavior) . Is it possible to have a time based exclusion for a rule such that it will not trigger between specific times? For example I would like to disable this rule for 2 minutes at midnight. I have not seen such a configuration option in the documentation. Anyone have any advice? Thanks, Mark Scrano -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
