I was about to say what Bruce said regarding Windows auditing and customization, although I had never tried it before. I would be very interested in knowing how to do it!
Regards,
Vicente Muñoz

From: [email protected] <[email protected]> On Behalf Of Bruce Westbrook
Sent: Wednesday, April 11, 2018 7:23 AM
To: ossec-list <[email protected]>
Subject: [EXTERNAL] [ossec-list] Re: how to get an alert. the user, whom modified a file

Is this for a Windows agent or Linux agent? If Windows, I can let you know what I've done to accomplish this, which doesn't use OSSEC syscheck but rather a combination of Windows File Auditing and customized OSSEC rules.

- Bruce

On Wednesday, April 11, 2018 at 10:18:10 AM UTC-4, [email protected] wrote:

I'm using OSSEC HIDS; from this I'm getting the alerts based on all events. But I need to know the user who modified the specific file. Is this possible?

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
