New atomicorp customer - at least will be once the PO's cut - and am working on a freshly installed POC implementation with 6 clients atm.
Within the ASL security events browser, how do I identify the agent that's reporting an event? Example: I see this event in the alert log:
From that, I can easily tell the source agent is walvdevmpwl2854. When looking at the security events browser and the details for event 1560366039.18365655 - nothing says 'walvdevmpwl2854'.** Alert 1560366039.18365655: - ossec,rootcheck,
2019 Jun 12 15:00:39 walvdevmpwl2854
Rule: 510 (level 6) -> 'Host-based anomaly detection event (rootcheck).'
File '/etc/init/swiagent.update.override' is owned by root and has written permissions to anyone.
title: File is owned by root and has written permissions to anyone.
file: /etc/init/swiagent.update.override
Did I miss a configuration somewhere?
Thanks
Doug O'Leary