Sorry if there was a misunderstanding, but what I meant by the post was that you can use some sort of GUI to view the events that you would not normally get alerted on. OSSEC can also be configured to run daily reports, and you could cron this to match the workflow I mentioned in the post, but the better solution is to use a good GUI front-end for that.

Thanks,
Mike

I have started deploying OSSEC for my group last week. Your blog posts were very helpful. Thank you !!
I am able to write new rules to tune ossec and reduce noise but I am not able to figure out how you group alerts by level to be sent once a day/week/month as you suggest in this blog post. I would appreciate any pointers you can provide regarding this.

Thanks again.

Regards,
Harika Tandra.