On Mon, Sep 11, 2017 at 7:56 AM, Fredrik Hilmersson <fredrik.hilmers...@gmail.com> wrote: > Hello, > > I'm wondering if it would be possible to do a small update regarding the > ossec-slack integration to report from which host the integrity check > reports from. > Today an alert message looks like: > > Rule: 551 (level 7) -> 'Integrity checksum changed again (2nd time).' > Integrity checksum changed for: '/usr/bin/lxc' > Old md5sum was: 'checksum' > New md5sum is : 'checksum' > Old sha1sum was: 'checksum' > > however, it obviously doesn't state on which agent the checksum change > occurred. Hopefully you could add this to the ossec-slack integration. >
I won't use ossec-slack.sh, so if you can come up with a diff and post a pull request, I'll merge it. > Kind regards, > Fredrik > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.