Thanks, I'll try those options.
Thanks a lot.
On Thursday, May 2, 2013 5:45:31 AM UTC+5:30, lostinthetubez wrote:
>
> Look at the realtime option for syscheck:
> http://www.ossec.net/doc/manual/syscheck/
>
> I also recommend turning auto_ignore off, so you will continue to be
> notified after t
Look at the realtime option for syscheck:
http://www.ossec.net/doc/manual/syscheck/
I also recommend turning auto_ignore off, so you will continue to be
notified after the 3rd change detection. Stick <auto_ignore>no</auto_ignore>
into the syscheck portion of your ossec.conf.
You might also wish to look at the do_not_del
Hi
Thanks for the quick reply.
I want to get informed as soon as the registry modification has been done.
Can I get these notifications by applying your modification?
How can I do this in OSSIM?
What correlation directive should I use?
Thank you so much
On Wednesday, May 1, 2013 9:03:14 PM UTC+5:
The last OSSEC release made all registry changes drop below the default
email threshold, even useful ones like this. Add something to
local_rules.xml to selectively elevate the Level, like this:
594
\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
A change has been mad
I have installed the OSSEC agent on my Windows PC.
I want to get alerts when any program or person adds new entries to the
following registry entry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
I checked the ossec.conf in the Windows agent. It has the particular entry. But
I'm not getting