On Tue, Sep 17, 2019 at 9:57 AM Kyriakos Stavridis <[email protected]> wrote: > > Hello everyone. I have some md5/sha256 hashes in a cdb list and I want to > detect them with the <list></list> functionality. > > The problem is that I am decoding the information with field name like "hash" > but I can't really use it like that: > > <list field="md5">hashes</list> > > because OSSEC doesn't allow the usage of any fields other than the following. > > Value: srcip > Value: srcport > Value: dstip > Value: dstport > Value: extra_data > Value: user > Value: url > Value: id > Value: hostname > Value: program_name > Value: status > Value: action > > Do you have any suggestiongs? :) >
Add support for other fields to cdb lists? > Thanks > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/ec2ede71-a91c-498e-90fd-3e8143cb9f1b%40googlegroups.com. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAMyQvMoxOK6f88C-WqqOTKZw0HA%3Dojtch0tOQo6LaNO%3Dgheqtg%40mail.gmail.com.
