OSSEC 101: Rule Tuning
This section will explain OSSEC rules.
It will also provide a step-by-step process for creating new rules and decoders.
Understanding the rules:
Creating a rule:
Configure the system to use the new rule:
Those CDB things would really be useful here: