Re: [ossec-list] OSSEC Signature Update Frequency

On Fri, Nov 4, 2016 at 6:25 AM, Jesus Linares wrote: > Hi Matthew, > > Of course, you can do the "same" procedure from OSSEC-HIDS but Wazuh is > doing a great effort to centralize, test and maintain decoders and rules > submitted by Open Source contributors and create new ones. >

Re: [ossec-list] OSSEC Signature Update Frequency

Hi Matthew, I just remembered that the script only works with the new release of Wazuh. Anyway, you can do it manually: 1. Backup your current installation 2. Copy ossec-rules/decoders/ to /var/ossec/etc/decoders 3. Copy ossec-rules/rules/ to /var/ossec/rules. 4. Copy

Re: [ossec-list] OSSEC Signature Update Frequency

Hi Matthew, Wazuh has a repository for decoders, rules, rootchecks, etc. Almost all decoders/rules should work in every OSSEC version, except some of them that use new features. I recommend you to create a backup of OSSEC, then update the rules using the

Re: [ossec-list] OSSEC Signature Update Frequency

On Wed, Nov 2, 2016 at 12:00 PM, Matthew Casperson wrote: > I've been trying to track down where it details how often signatures are > updated for OSSEC. Are new signatures part of each version? E.g. if I am > on 2.8.2 and want to have the most up to date signatures

[ossec-list] OSSEC Signature Update Frequency

I've been trying to track down where it details how often signatures are updated for OSSEC. Are new signatures part of each version? E.g. if I am on 2.8.2 and want to have the most up to date signatures would I have to upgrade to the current version of OSSEC or are signatures updated