Dear all,
I use OSSEC 2.9.2 and I need help using "!" on a source IP address. The task
is: if someone logs in successfully from an IP address that is not one of the
defined ones, it will trigger another rule.
This is what I tried to add to the local decoder:
<rule id="110601" level="10">
<if_sid>5715</if_sid>
<hostname>hostname</hostname>
<srcip>!192.168.130.1|</srcip>
<srcip>!192.168.130.2|</srcip>
<srcip>!192.168.130.3</srcip>
<description>Login Success from Suspicious Address</description>
</rule>
But it seems to give an error.
Could anyone help me?