Hello, here are some decoders (at least 7) and one rule that can be used with the Snoopy Command Logger.
- Copy the decoders and rules to your Wazuh Manager:
  - Copy 0751-snoopy_decoders.xml to /var/ossec/etc/decoders/
  - Copy 0751-snoopy_rules.xml to /var/ossec/etc/rules/
- Restart the Wazuh Manager:
  systemctl restart wazuh-manager
- Check for service failure (the manager will not come back up if a decoder or rule file is malformed):
  systemctl status wazuh-manager
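The install steps above as a small POSIX shell helper (an added example, not part of the original post or the Snoopy/Wazuh projects): it refuses to copy either file if it is missing or not well-formed XML, so a broken ruleset is caught before the restart rather than by a failed service. Assumptions: the file names from the post, a target tree laid out like /var/ossec, and xmllint or python3 available for the XML check.

```shell
#!/bin/sh
# Added example: install the Snoopy decoder and rule files into a Wazuh manager tree.
# Wazuh decoder/rule files may hold several top-level elements, so each file is wrapped
# in a dummy root element before the well-formedness check.
DECODERS_FILE="0751-snoopy_decoders.xml"
RULES_FILE="0751-snoopy_rules.xml"

# check_wellformed FILE -> exit 0 if FILE (wrapped in a root element) parses as XML.
check_wellformed() {
    if command -v xmllint >/dev/null 2>&1; then
        { printf '<root>'; cat "$1"; printf '</root>'; } | xmllint --noout - 2>/dev/null
    elif command -v python3 >/dev/null 2>&1; then
        python3 -c 'import sys, xml.dom.minidom as m
m.parseString(b"<root>" + open(sys.argv[1], "rb").read() + b"</root>")' "$1" 2>/dev/null
    else
        echo "warning: no XML checker found, skipping check of $1" >&2
    fi
}

# install_snoopy_ruleset SRC_DIR [OSSEC_ROOT] -> copy both files; non-zero on any problem.
install_snoopy_ruleset() {
    src="$1"; root="${2:-/var/ossec}"
    for f in "$DECODERS_FILE" "$RULES_FILE"; do
        [ -f "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
        check_wellformed "$src/$f" || { echo "$src/$f is not well-formed XML" >&2; return 1; }
    done
    mkdir -p "$root/etc/decoders" "$root/etc/rules" || return 1
    cp "$src/$DECODERS_FILE" "$root/etc/decoders/" || return 1
    cp "$src/$RULES_FILE" "$root/etc/rules/" || return 1
}

# restart_and_check -> restart the manager and report whether it is active afterwards.
restart_and_check() {
    systemctl restart wazuh-manager
    if systemctl is-active --quiet wazuh-manager; then
        echo "wazuh-manager is running"
    else
        echo "wazuh-manager failed to start; check: systemctl status wazuh-manager" >&2
        return 1
    fi
}
```

Typical use on the manager: `install_snoopy_ruleset . /var/ossec && restart_and_check`.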