Re: [ossec-list] Re: %AppData% alert on new file creation proper setup

Hi, I tested that configuration at Windows agent's ossec.conf: 300 C:\Users/Administrator/AppData/Local/Temp And I added this new rule on manager's local_fules.xml: 554 < regex>C:\\Users/\S+/AppData/Local/Temp File added to the system at Temp directory. syscheck,pci_dss_11.5, This

Re: [ossec-list] Re: %AppData% alert on new file creation proper setup

On Mon, Mar 27, 2017 at 4:26 AM, wrote: > Hello Dan, > > Thank you for your feedback. I have changed the frequency to 900 > sec, and inspected the ossec.log. I noted that inside the log file none of > the agent.conf directories where present. Any theories

[ossec-list] Re: %AppData% alert on new file creation proper setup

Hello Dan, Thank you for your feedback. I have changed the frequency to 900 sec, and inspected the ossec.log. I noted that inside the log file none of the agent.conf directories where present. Any theories on why the ossec.conf syscheck content is showing up in ossec.log, and the