This is more of question for my understanding...
In the examples section of CIM Add-on manual (for OSSEC) there is a statement that the Intrusion Detection data model requires the tags ids, attack, and host
If you look at the intrusion detection data model, the constraint is `ids_type="host"`
So host is not really a tag, but it is treated as such with regards to the data model?
thanks
↧