Hi,
I tested that configuration at Windows agent's ossec.conf:
300
C:\Users/Administrator/AppData/Local/Temp
And I added this new rule on manager's local_rules.xml:
554
<regex>C:\\Users/\S+/AppData/Local/Temp
File added to the system at Temp directory.
syscheck,pci_dss_11.5,
This
On Mon, Mar 27, 2017 at 4:26 AM, wrote:
> Hello Dan,
>
> Thank you for your feedback. I have changed the frequency to 900
> sec, and inspected the ossec.log. I noted that inside the log file none of
> the agent.conf directories were present. Any theories
Hello Dan,
Thank you for your feedback. I have changed the frequency to 900
sec, and inspected the ossec.log. I noted that inside the log file none of
the agent.conf directories were present. Any theories on why the
ossec.conf syscheck content is showing up in ossec.log, and the