HIDS 11
From Atomicorp Wiki
Rule 1 | |
---|---|
Status | Active |
Alert Message | OSSEC event |
Description
This is an internal OSSEC anomaly detection event. It fires when the average number of log events on the system spikes anomalously.
What you should do
This means that the average log volume for the host has spiked for some reason. It could indicate an attack, or just a spike in log traffic volume related to utilization. Investigate the nature of the spike.
Troubleshooting
False Positives
There are no false positives with this rule.
Tuning Guidance
There is no guidance for tuning this rule.
Additional Information
Support
If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!
Similar Rules
None.
Knowledge Base Articles
None.
Outside References
None.