syscheck #2097

Open
dimaivanov1234 opened this issue Aug 21, 2023 · 1 comment

Comments

@dimaivanov1234

Hello! Can you please tell me how to fix the error? I have file integrity control configured. A warning appears when the file is modified. But the warning does not include the computer name or IP address. Other alerts have an IP address. What do I need to change to make the IP address appear?
Received from: ossec->syscheck
Rule: 550 hits (level 7) -> "Integrity checksum changed".

@wolle604

wolle604 commented Nov 8, 2023

Hey, I think you have misunderstood the functionality of syscheck/file integrity monitoring. Syscheck monitors the checksum of files and reports that something has changed. It doesn't tell you who changed something. To get the information you need, you have to combine different logs, e.g. syscheck alerts and the output of, e.g., the "last" Linux command. This is something a SOC analyst would do.
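
The correlation described in the comment above, as an added example (not code from this thread or from the project): it parses `last -F` output and lists the login sessions that overlap the period before a syscheck alert. The sample `last -F` text, the alert time, and the `sessions_near` function with its `lookback` parameter are constructed for illustration; the result is a list of candidate sessions, not proof of who changed the file.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of `last -F` output; users, hosts and times are made up.
LAST_F_OUTPUT = """\
alice    pts/0        192.0.2.10       Mon Aug 21 09:58:01 2023 - Mon Aug 21 10:20:13 2023  (00:22)
bob      pts/1        198.51.100.7     Mon Aug 21 07:00:00 2023 - Mon Aug 21 08:00:00 2023  (01:00)
carol    tty1                          Mon Aug 21 10:01:30 2023   still logged in
reboot   system boot  5.15.0-78-generi Mon Aug 21 06:55:00 2023   still running

wtmp begins Tue Aug  1 00:00:00 2023
"""

TS = r"\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}"   # e.g. "Mon Aug 21 09:58:01 2023"
LINE = re.compile(rf"^(\S+)\s+(\S+)\s+(.*?)\s*({TS})\s+(?:- ({TS})|still logged in)")
PSEUDO_USERS = {"reboot", "shutdown", "runlevel"}   # wtmp bookkeeping, not logins
FMT = "%a %b %d %H:%M:%S %Y"                        # assumes English day/month names


def sessions_near(last_output, alert_time, lookback):
    """Return (user, tty, source) for sessions overlapping
    [alert_time - lookback, alert_time].

    lookback (hypothetical parameter) covers the gap between the actual
    change and the moment syscheck reported it.
    """
    window_start = alert_time - lookback
    hits = []
    for line in last_output.splitlines():
        m = LINE.match(line)
        if not m or m.group(1) in PSEUDO_USERS:
            continue
        user, tty, source, login, logout = m.groups()
        start = datetime.strptime(login, FMT)
        # No logout timestamp means the session is still open.
        end = datetime.strptime(logout, FMT) if logout else datetime.max
        if start <= alert_time and end >= window_start:
            hits.append((user, tty, source or "local"))
    return hits


if __name__ == "__main__":
    alert = datetime(2023, 8, 21, 10, 5, 0)   # constructed alert time
    for user, tty, source in sessions_near(LAST_F_OUTPUT, alert, timedelta(minutes=30)):
        print(f"{user:8} {tty:8} {source}")
```
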
