From OSSEC Wiki
Understanding the Windows Agent in OSSEC
OSSEC's Windows agent lets you monitor a Windows system and extract any relevant security information
for the OSSEC manager.
The Windows agent performs the following tasks:
- Monitors the Windows event log in real time.
- Monitors IIS logs (Web, FTP, SMTP) and any other logs present on your system (including Symantec Anti-Virus, MySQL, Apache, etc.) in real time.
- Periodically checks the Windows Registry for changes.
- Periodically checks your Windows folders for changes.
- Periodically performs policy verification to make sure your system is configured properly.
- Looks for NTFS alternate data streams.
