Skip to content

BernaldoPenasAntelo/Decoders-wazuh

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
Decoder_SonicWall_ECS
Decoder_SonicWall_ECS
 
 
Decoders_Paloalto_Wazuh
Decoders_Paloalto_Wazuh
 
 
Decoders_Sophos_Firewall_ECS
Decoders_Sophos_Firewall_ECS
 
 
Decoders_TrendMicro_DeepSecurity_ECS_CEF
Decoders_TrendMicro_DeepSecurity_ECS_CEF
 
 
Decoders_TrendMicro_ScanMail_Exchange_ECS_CEF
Decoders_TrendMicro_ScanMail_Exchange_ECS_CEF
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Rules_Paloalto_ECS
Rules_Paloalto_ECS
 
 
Rules_SonicWall_ECS
Rules_SonicWall_ECS
 
 
Rules_Sophos_firewall_ECS
Rules_Sophos_firewall_ECS
 
 
Rules_TrendMicro_Deepsecurity_ECS_CEF
Rules_TrendMicro_Deepsecurity_ECS_CEF
 
 
Rules_TrendMicro_ScanMail_ECS_CEF
Rules_TrendMicro_ScanMail_ECS_CEF
 
 

Repository files navigation

Decoders-wazuh

This repository contains custom Decoders and rules for various Products that I have created for my own use.

Log fields where mapped to ECS (Elastic Common Schema) to integrate them with an ELK stack please review: https://www.elastic.co/guide/en/ecs/current/index.html

Contents:

  • Paloalto Firewall Decoders and Rules
  • Sonicwall Firewall Decoders and Rules
  • Sophos Firewall Decoders and rules
  • TrendMicro DeepSecurity Decoders and Rules
  • TrendMicro ScanMail Decoders and Rules

USAGE

  • Decoders must be placed on /var/ossec/etc/decoders folder
  • Rules must be placed on /var/ossec/etc/rules folder
  • In some cases existing decoder may be bypasssed with configuration, for example Sonicwall
 <decoder_exclude>0295-sonicwall_decoders.xml</decoder_exclude>

About

New custom decoders for wazuh

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published