Update: i'm aware that the ossec,syscheck Alert does state the hostname, however when performing multiple updates/upgrades on several agents, its rather hard to keep track of which alert belong to which ossec/syscheck.
Den måndag 11 september 2017 kl. 13:56:41 UTC+2 skrev Fredrik Hilmersson: > > Hello, > > I'm wondering if it would be possible to do a small update regarding the > ossec-slack integration to report from which host the integrity check > reports from. > Today an alert message looks like: > > Rule: 551 (level 7) -> 'Integrity checksum changed again (2nd time).' > Integrity checksum changed for: '/usr/bin/lxc' > Old md5sum was: 'checksum' > New md5sum is : 'checksum' > Old sha1sum was: 'checksum' > > however, it obviously doesn't state on which agent the checksum change > occurred. Hopefully you could add this to the ossec-slack integration. > > Kind regards, > Fredrik > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
