I have some questions: Do changes need to be made to config files to activate or utilize the new rules/decoders related to rootcheck, last root login, active response, PCRE2 reg ex engine, etc in the new version?
If yes, what are the recommended settings and how should each rule be utilized? How are folks using active response be used on endpoints to fend off potential attacks? Thanks, -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/c79b2828-767e-43c5-a290-a0bcba3980a9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
