Search found 1 match
- Thu Aug 18, 2022 5:26 am
- Forum: OSSEC
- Topic: /var/ossec/queue/diff remains empty
- Replies: 0
- Views: 62040
/var/ossec/queue/diff remains empty
Hi, I’m having an issue with a local rule to detect any USB device connected. I implemented on OSSEC server the following one : <rule id="100101" level="7"> <if_sid>530</if_sid> <frequency>10</frequency> <match>ossec: output: 'reg QUERY</match> <check_diff /> <description>USB dev...