[prev in list] [next in list] [prev in thread] [next in thread]
List: ossec-list
Subject: Re: [ossec-list] About active responses
From: "dan (ddp)" <ddpbsd () gmail ! com>
Date: 2019-10-11 11:45:51
Message-ID: CAMyQvMp0tiN13LxZn_2ucZcd00T1aRVEVYkeBv7aFu_vbD-5sQ () mail ! gmail ! com
[Download RAW message or body]
On Thu, Oct 10, 2019 at 5:10 AM Kyriakos Stavridis
<stavridiskyriakos@gmail.com> wrote:
>
> Hey guys,
>
> Can I have an active response only activated for a specific agent? (active \
> reponse's location is on ossec server)
> Example:
> I have agent1 and agent2, I have 2 active responses AR1 and AR2. I want AR1 to be \
> triggered only by agent1 events and AR2 to be triggered only by agent2 events. Is \
> this possible?
I can't think of a way to do this off the top of my head.
> Example config:
> <active-response>
> <command>commandname1</command>
> <location>server</location>
> // some config here? specifying agent1
> <level>3</level>
> <active-response>
>
> <active-response>
> <command>commandname2</command>
> <location>server</location>
> // some config here? specifying agent2
> <level>3</level>
> <active-response>
>
> Thanks! have a nice day!
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups \
> "ossec-list" group. To unsubscribe from this group and stop receiving emails from \
> it, send an email to ossec-list+unsubscribe@googlegroups.com. To view this \
> discussion on the web visit \
> https://groups.google.com/d/msgid/ossec-list/2a4319d3-dc11-4cd8-913c-e7d3fba3ece5%40googlegroups.com.
>
--
---
You received this message because you are subscribed to the Google Groups \
"ossec-list" group. To unsubscribe from this group and stop receiving emails from it, \
send an email to ossec-list+unsubscribe@googlegroups.com. To view this discussion on \
the web visit https://groups.google.com/d/msgid/ossec-list/CAMyQvMp0tiN13LxZn_2ucZcd00T1aRVEVYkeBv7aFu_vbD-5sQ%40mail.gmail.com.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic