Hi all,
This is my active response configuration on centos server:
<command>
<name>win_nullroute</name>
<executable>route-null.cmd</executable>
<expect>srcip</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<active-response>
<disabled>no</disabled>
<command>win_nullroute</command>
<location>all</location>
<level>5</level>
<timeout>60</timeout>
</active-response>
I have enabled AR on windows agent, but it is not executed when an event of
level>=5 is fired.
I am using wazuh 3.13 version, windows 10
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ossec-list/cb2919f2-148c-4eb2-aebf-5663c1db2983n%40googlegroups.com.
