I have not tested on AD controlled Windows 10 as of yet
He is mine its script base and tails from the sid 530
https://groups.google.com/forum/#!searchin/ossec-list/usb$20detection%7Csort:date/ossec-list/9P1wZM78jj4/CvibL-afAgAJ
you would need this in the Windows agent config.
<localfile>
<log_format>full_command</log_format>
<command>C:\ossec-tools\usb\usb-audit.bat</command>
<frequency>30</frequency>
<alias>USBDevices</alias>
</localfile>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
