Stop alerting


Carlos Islas

Apr 1, 2020, 10:12:08 AM
to ossec-list
Good day community.

I need to stop the alerts for specific hosts, for example when we update the OS or when we have a maintenance window. How can we do that? I don't know if I explained it well :)

I appreciate your help

Regards

Carlos Islas

Apr 2, 2020, 2:43:41 PM
to ossec-list
Hello

Does anybody have any suggestions?

Zach Vanderbilt

Apr 2, 2020, 2:54:07 PM
to ossec...@googlegroups.com
There is no easy way to do this currently (https://www.ossec.net/docs/manual/syscheck/index.html#how-do-i-stop-syscheck-alerts-during-system-updates)

In the future you may be able to pull down the checksums for all package updates listed in repodata (on at least rpm distros) and then use a list to ignore changes matching those checksums.


Carlos Islas

Apr 24, 2020, 10:24:53 AM
to ossec-list
Hello Zach

Thank you for your comments. I'll check it and I'm going to do tests. Is there something to apply on agentless?

Regards
