On Tue, Jun 30, 2015 at 3:14 PM, Jeff Blaine cjbla...@gmail.com wrote:
On Tuesday, June 30, 2015 at 5:27:58 AM UTC-4, secuc...@free.fr wrote:
i see it like a feature, and it works like a cluster of information.
We discover it on in very bad case!
It's a feature and a design flaw, IMO.
The
good idea for a test
- Mail original -
De: LostInTheTubez lostinthetu...@gmail.com
À: ossec-list@googlegroups.com
Envoyé: Mardi 30 Juin 2015 21:57:43
Objet: RE: [ossec-list] AR command executing when it should not be
Could you add a custom rule to achieve what you’re looking
Of Jeff Blaine
Sent: Tuesday, June 30, 2015 12:14 PM
To: ossec-list@googlegroups.com
Cc: secucatc...@free.fr
Subject: Re: [ossec-list] AR command executing when it should not be
On Tuesday, June 30, 2015 at 5:27:58 AM UTC-4, secuc...@free.fr
mailto:secuc...@free.fr wrote:
i see it like
On Tuesday, June 30, 2015 at 5:27:58 AM UTC-4, secuc...@free.fr wrote:
i see it like a feature, and it works like a cluster of information.
We discover it on in very bad case!
It's a feature and a design flaw, IMO.
The feature part is as you described.
The design flaw is that Active
On Jun 26, 2015 12:23 PM, Jeff Blaine cjbla...@gmail.com wrote:
When rule 550 or 554 is hit with ANY agent as the source, the command
below is executing on agent 19.
As I understand AR, the command should only be executing on agent 19 when
rule 550 or 554 is hit *with agent 19 as the origin*