Focus on IDS
OSSEC and Windows messages Apr 20 2010 01:34PM
evilwon12 yahoo com
I am trying to match on a windows error message and am not having any luck. What I do not want to do is ignore the rule completely, only certain messages.

An example message is this:

Integrity checksum changed for:


I want to filter out based on "directory3" OR a sub-string on that. I have not been able to filter on anything in the message string. My thoughts are that the forward and back slashes are causing the problem.

Has anyone else ran into this or know of a solution to this?


Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.;5001;25;1371;0;1;946;9a80e04e1a

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus