On Wed, Jun 6, 2018 at 6:16 AM, Mikel Sheshi <[email protected]> wrote: > Hello, > I have Wazuh Server configured to monitor my Windows Servers > If I want to monitor a directory : Example : <directories check_all="yes" > realtime="yes">C:\test</directories> > > When I do changes with a user logged on the server I receive all the changes > through syscheck > > The question is: > If the directory C: is shared (\\server-ip\c$) and some active directory > users have access to all the folders under C:\ , when a user makes a change > through the shared folder to C:\test , it is possible to receive an alert > through syscheck ? > I want to know who has changed , and what is changed >
That should be easy to test. Setup OSSEC to monitor a directory, share the directory, modify a file in the shared and monitored directory from a remote machine. Seeing that the file has changed should work, but not who changed it. > Thank you > Mikeli > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
