Re: [ossec-list] Updates rules and signatures

2017-06-14 Thread Scott R. Shinn
They're internal to the package *for the moment*, so when we release an OSSEC update the new rules come along with it. When you update to 2.9.1 its going to update the rules along with it. Eventually we're going to break the more dynamic content (rules, decoders, etc) into a separate package. Ho

Re: [ossec-list] Updates rules and signatures

2017-06-10 Thread dan (ddp)
On Thu, Jun 8, 2017 at 2:01 PM, Alexis Lessard wrote: > Do you update the version every time you add new rules? We've manage to > install with with yum using atomicorp repo's, so if you could update them > with yum, that'd much easier. > Atomic may update the rules separately. I don't use the pac

Re: [ossec-list] Updates rules and signatures

2017-06-08 Thread Alexis Lessard
Do you update the version every time you add new rules? We've manage to install with with yum using atomicorp repo's, so if you could update them with yum, that'd much easier. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscr

Re: [ossec-list] Updates rules and signatures

2017-06-08 Thread Jesus Linares
The script is only valid for Wazuh. On Thursday, June 8, 2017 at 2:31:24 PM UTC+2, Alexis Lessard wrote: > > I did see that script. Seemed really interesting. Due to a lack of a test > environment, I didn't try it, but reading it, I was under the impression > that it only worked with a wazzuh i

Re: [ossec-list] Updates rules and signatures

2017-06-08 Thread Alexis Lessard
I did see that script. Seemed really interesting. Due to a lack of a test environment, I didn't try it, but reading it, I was under the impression that it only worked with a wazzuh installation and not with ossec vanilla. Would it actually work without installing wazzuh? Le jeudi 8 juin 2017 05

Re: [ossec-list] Updates rules and signatures

2017-06-08 Thread Jesus Linares
Hi Alexis, Dan's method is the faster way to do it and it should work properly. Saying that, Wazuh does a great effort to centralice decoders, rules, rootchecks and OpenSCAP content in wazuh-ruleset repository. Also, a script

Re: [ossec-list] Updates rules and signatures

2017-06-07 Thread dan (ddp)
On Wed, Jun 7, 2017 at 4:24 PM, Alexis Lessard wrote: > Hi! > > What is the cleanest and easiest way to updates rules and signatures of > attacks and threats in ossec? I'm looking maybe for a command I could use to > automate it. When I execute bin/manage_agents -V (to obtain version), I get > th

[ossec-list] Updates rules and signatures

2017-06-07 Thread Alexis Lessard
Hi! What is the cleanest and easiest way to updates rules and signatures of attacks and threats in ossec? I'm looking maybe for a command I could use to automate it. When I execute bin/manage_agents -V (to obtain version), I get this: OSSEC HIDS v2.8.3 - Trend Micro Inc. According to the docu