All notable changes to this project will be documented in this file.
- Serv-U Decoders & Rules.
- Directory structure: Decoders have been split.
- Script ossec_ruleset.py v2:
  - Bug fixes.
  - Python 2.6 compatibility.
  - OSSEC 2.8.x compatibility.
  - Restore backups automatically.
- Some issues with the Windows decoder have been solved.
- All sysmon decoders have windows as parent.
- Puppet Decoders & Rules.
- Compliance mapping with PCI DSS v3.1.
- Netscaler Decoders & Rules.
- ClamAV:
  - New decoder: Extract main fields (path, virus name, hash) when a virus is detected.
  - New rule: ClamAV Stopped.
  - New rule: Virus detected multiple times.
- Sysmon decoders:
  - Decoder for the new log format of Event 1.
  - Decoders for Events 2 - 8.
- Script ossec_ruleset.py for installing and updating rules, decoders and rootcheck.
- SSH Decoder modified to extract the user name when invalid/illegal users try to log in.
- Sysmon Decoder for Event 1 modified (it allows use of the new decoder added for this event).
- Initial version: OSSEC out-of-the-box rules, decoders and rootchecks.