
Merge pull request #1 from gkissand/gkissand-perdition-patch-1
adding perdition
gkissand committed Aug 23, 2019
2 parents 766e0b5 + abd5d76 commit 1b56215
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions rules/0020-syslog_rules.xml
Expand Up @@ -762,6 +762,29 @@

</group>

<group name="syslog,perdition,">
<rule id="2962" level="0">
<decoded_as>perdition</decoded_as>
<description>Perdition custom app group.</description>
</rule>

<rule id="2963" level="3">
<if_sid>2962</if_sid>
<match>Connect: </match>
<description>perdition: New connection.</description>
<group>connection_attempt,pci_dss_10.6.1,</group>
</rule>

<rule id="2964" level="10" frequency="4" timeframe="30">
<if_matched_sid>2963</if_matched_sid>
<same_source_ip />
<description>perdition: Multiple connection attempts from same source.</description>
<group>recon,pci_dss_11.4,</group>
</rule>


</group>

<group name="syslog,perdition,">
<rule id="2962" level="0">
<decoded_as>perdition</decoded_as>
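Review bot: The hunk ends up with two `<group name="syslog,perdition,">` blocks each opening with `<rule id="2962" level="0">` and `<decoded_as>perdition</decoded_as>` — one in the added lines and one in what appear to be the trailing context lines (the page does not mark sides, but with 23 additions and 0 deletions only one of the two copies can be new). Rule IDs must be unique within the ruleset, so a second 2962 (and, if the existing group continues the same way, 2963/2964) will either be rejected when the rules are loaded or leave it ambiguous which definition fires and at what level; the duplicate group should be removed, or the new rules renumbered and the existing group extended instead. Since the rules also reference each other (`<if_sid>2962</if_sid>`, `<if_matched_sid>2963</if_matched_sid>`), any renumbering must update those references together. The `</group>` on the first context line closes a group whose start is outside the hunk.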
