I'll start by saying i'm a complete rookie with OSSEC, but i know what i am
looking to setup:
I have sysmon on my windows agent, reporting back some good info, including
What i'd like to do on my OSSEC server is setup an alert rule to trigger
when usage of specific powershell commands is logged by sysmon, in
particular "-noprofile" and "-ExecutionPolicy Unrestricted"
Can anybody offer me some noobie pointers on how to go about this?
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
For more options, visit https://groups.google.com/d/optout.