Atomicorp

Can you please confirm the version of ossec you are on?

1. Verify OSSEC Email Alert Configuration Check the email-related settings in the ossec.conf file, typically located at /var/ossec/etc/ossec.conf. Look for the following tags: <global> <email_notification>yes</email_notification> <email_to>your-email@example.com</email_to> <email_from>ossec@example....

seni_77589 wrote: ↑Tue Mar 12, 2024 7:09 pm Hi,

For some reason I seem to have the same issue. Can you please help me?

Thank you.
Regards,
Seni

I have emailed you for more details. Thank you!

We have opened an issue report with the developers. Thank you for reaching out!

What are you trying to install? Modsec, ASL, or OSSEC?

Atomic Ossec uses cvss3. We favor 3 over 2 in the aggregations. if there's a cvss3 score in the event, we use it

For your first question, it is best not to tie an IP to an agent key and OSSEC will not default to that option. The server is never going to see the LAN IP at all and some of yours are dynamic. For your second question, most of the ossec rules with regards to breeches will be labeled as a level 7 ru...

It could mean that the OS is restricting processes through systemd, or possibly selinux. Or maybe 2 instances of the agent are running at the same time?

A good place to start would be to stop the agent, and see if any processes are still running.

Stop the ossec-hids process and then rm the pid file and restart the service. See if that kicks it into gear.

Hello!

Please see this doc for agentless configuration https://docs.atomicorp.com/AEO/agentles ... =agentless
You will probably want to change the conf for <state>periodic</state> to <state>periodic_diff</state>

Hi John,

You have a Ubuntu HUB with a UI so I am assuming you are using Atomic OSSEC enterprise version. If that is the case, you can go to Asset Management > Add agent. From here you can either use the instructions to add an agent manually, or you can use automated agent installation

Error opening directory: 'C:\windows\system32\drivers\testPTS: No such file or directory

This is saying the testPTS directory does not exist. It could also be that ossec does not have permissions to it.

We are not working on CentOS/RHeL 9 repos at this time, but it is in the works later this year

Have you taken a look into the active response log if that is enabled? /var/ossec/logs/active-responses.log

Hi Jonas,

Yes the update server was unreachable for a time. It has been corrected. We apologize for the trouble!