Alerts when a laptop is outside from the company after a time

Luis Montoya

Oct 7, 2022, 2:01:47 AM
to Wazuh mailing list
Hi everyone!

Do you know if it is possible to establish a rule or mechanism for alerting when a Windows laptop is being used outside of the company after 5:30 pm?

I was thinking, maybe, when this laptop gets connected to a different Wi-Fi network than the usual one of the company, after 5:30 pm on Monday to Friday, but I don't know how to translate this to code and add it to the ruleset and alert.

Thanks in advance!

elw...@wazuh.com

Oct 7, 2022, 3:31:23 AM
to Wazuh mailing list
Hello,

You can implement a mechanism similar to the one described here https://wazuh.com/blog/how-to-monitor-folder-access-on-windows/ but instead, you would trigger an alert whenever the agent is started:

<!-- Child of rule 503 (agent started); only matches in the given time window. -->
<rule id="100112" level="10">
  <if_sid>503</if_sid>
  <time>5pm - 8am</time>
  <description>Agent started out of office hours.</description>
  <options>no_full_log</options>
</rule>

You can find more about the rules syntax here https://documentation.wazuh.com/current/user-manual/ruleset/ruleset-xml-syntax/rules.html#options.

Hope this helps.

Regards,
Wali
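
An added example, not part of Wali's reply or the Wazuh ruleset: it narrows the rule above to the window asked about (after 5:30 pm, Monday to Friday) and adds a second rule for the Wi-Fi idea from the question. The rule IDs 100113 and 100114, the alias `wlan_check`, the 300-second frequency and the SSID `CorpWiFi` are assumptions to replace with your own values.

```xml
<!-- Agent side (Windows ossec.conf): report the current Wi-Fi state every 5 minutes.
     The alias "wlan_check" and the 300 s frequency are assumptions. -->
<localfile>
  <log_format>full_command</log_format>
  <command>netsh wlan show interfaces</command>
  <alias>wlan_check</alias>
  <frequency>300</frequency>
</localfile>

<!-- Manager side (local_rules.xml). Rule IDs and the SSID "CorpWiFi" are placeholders. -->
<group name="local,out_of_office,">

  <!-- The agent-started rule, limited to after 5:30 pm on Monday to Friday. -->
  <rule id="100113" level="10">
    <if_sid>503</if_sid>
    <time>5:30 pm - 8 am</time>
    <weekday>weekdays</weekday>
    <description>Agent started out of office hours on a weekday.</description>
    <options>no_full_log</options>
  </rule>

  <!-- Command output arrives under rule 530 ("ossec: output: ..."). Fire when the
       netsh output has no "SSID : CorpWiFi" line, i.e. another network or none. -->
  <rule id="100114" level="10">
    <if_sid>530</if_sid>
    <match>^ossec: output: 'wlan_check'</match>
    <regex negate="yes">SSID\s+: CorpWiFi</regex>
    <time>5:30 pm - 8 am</time>
    <weekday>weekdays</weekday>
    <description>Laptop not on the company Wi-Fi out of office hours.</description>
  </rule>

</group>
```

Either rule can only produce an alert if the agent is able to reach the manager from the outside network.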