Rule 553 (syscheck file deletion) is not triggering
Posted: Tue Sep 13, 2022 5:57 am
Hello, I am trying to use OSSEC primarily as a syscheck tool for agentless devices.
All of the rules seemingly work (addition of file, modification, etc) but it seems that file deletion is not detected in alerts.
How do I enable this feature? is it enabled by default on installation similar to how other rules were? (new file, modification).
I do not use realtime as I am trying to create a fully agentless environment.
All of the rules seemingly work (addition of file, modification, etc) but it seems that file deletion is not detected in alerts.
How do I enable this feature? is it enabled by default on installation similar to how other rules were? (new file, modification).
I do not use realtime as I am trying to create a fully agentless environment.