Is this for a Windows agent or Linux agent?
If Windows, I can let you know what I've done to accomplish this, which
doesn't use OSSEC syscheck but rather a combination of Windows File Auditing
and customized OSSEC rules.
On Wednesday, April 11, 2018 at 10:18:10 AM UTC-4,
> I'm using OSSEC HIDS.
> From this I'm getting alerts based on all events, but I need to know
> the *user who modified the specific file*.
> Is this possible?