Is this for a Windows agent or Linux agent? If Windows I can let you know what I've done to accomplish this, which doesn't use OSSEC sycheck but rather a combination of Windows File Auditing and customized OSSEC rules.
- Bruce On Wednesday, April 11, 2018 at 10:18:10 AM UTC-4, [email protected] wrote: > > I'm using OSSEC HIDS > > from this i'm getting the alerts based on all events. but, i need to know > a *user whom modified the specific file*. > is this possible? > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
