Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIM wildcard Windows registers documentation #5932

Merged
merged 10 commits into from
Jul 18, 2023
Merged

FIM wildcard Windows registers documentation #5932

merged 10 commits into from
Jul 18, 2023

Conversation

GabrielEValenzuela
Copy link
Member

Description

This PR closes #5926 by adding documentation about how the new implementation of wildcards in FIM works (wazuh/wazuh#14321).

Checks

  • It compiles without warnings.
  • Spelling and grammar.
  • Used impersonal speech.
  • Used uppercase only on nouns.
  • Updated the redirect.js script if necessary (check this guide).

@GabrielEValenzuela GabrielEValenzuela marked this pull request as ready for review March 10, 2023 17:55
@GabrielEValenzuela GabrielEValenzuela self-assigned this Mar 10, 2023
@javimed
Copy link
Member

javimed commented Jun 29, 2023

This PR uses master as base branch but master was bumped to 4.7.0 version as of late

@jotacarma90 jotacarma90 self-requested a review July 3, 2023 18:27
@GabrielEValenzuela GabrielEValenzuela changed the base branch from master to 4.6.0 July 5, 2023 11:04
@GabrielEValenzuela GabrielEValenzuela force-pushed the 5926_wildcard_windows_registers branch 2 times, most recently from b099d10 to 289907b Compare July 5, 2023 11:29
@MarcelKemp MarcelKemp requested a review from javimed July 5, 2023 12:52
javimed
javimed approved these changes Jul 10, 2023
View reviewed changes
source/user-manual/reference/ossec-conf/syscheck.rst
@@ -1040,6 +1040,10 @@ windows_registry

List of registry entries to be monitored. One entry per line. Multiple lines may be entered to include multiple registry entries.

.. versionadded:: 4.6.0

To scan paths matching a pattern, you can use the wildcard characters ``?`` and ``*``. For example ``HKEY_LOCAL_MACHINE\SOFTWARE\*``. FIM uses these wildcards during scheduled scan.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
To scan paths matching a pattern, you can use the wildcard characters ``?`` and ``*``. For example ``HKEY_LOCAL_MACHINE\SOFTWARE\*``. FIM uses these wildcards during scheduled scan.
To scan paths matching a pattern, you can use the wildcard characters ``?`` and ``*``. For example ``HKEY_LOCAL_MACHINE\SOFTWARE\*``. FIM uses these wildcards during scheduled scans.

jotacarma90
jotacarma90 approved these changes Jul 11, 2023
View reviewed changes
Copy link
Member

@jotacarma90 jotacarma90 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vikman90 vikman90 merged commit 999617f into 4.6.0 Jul 18, 2023
@vikman90 vikman90 deleted the 5926_wildcard_windows_registers branch July 18, 2023 08:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MarcelKemp MarcelKemp MarcelKemp approved these changes

@javimed javimed javimed approved these changes

@jotacarma90 jotacarma90 jotacarma90 approved these changes

Assignees

@GabrielEValenzuela GabrielEValenzuela

Labels
pending-core syscheck
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Wildcards update documentation Windows registers
5 participants
@GabrielEValenzuela @javimed @MarcelKemp @jotacarma90 @vikman90