Permalink
Browse files

Fixed duplicated IDs in wazuh-ruleset

  • Loading branch information...
BraulioV committed Oct 31, 2017
1 parent ebfe35c commit 929467c304d00e5013c18234147bbe81ea3f755c
Showing with 18 additions and 18 deletions.
  1. +18 −18 rules/{0490-owncloud_rules.xml → 0500-owncloud_rules.xml}
@@ -3,60 +3,60 @@
- This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2.
-->
<!-- ID: 87100 - 87200 -->
<!-- ID: 87300 - 87400 -->
<group name="syslog,owncloud,">
<rule id="87100" level="0">
<rule id="87300" level="0">
<decoded_as>owncloud</decoded_as>
<description>ownCloud messages grouped.</description>
</rule>
<rule id="87101" level="6">
<if_sid>87100</if_sid>
<rule id="87301" level="6">
<if_sid>87300</if_sid>
<match>Login failed: </match>
<description>ownCloud authentication failed.</description>
<group>authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,</group>
</rule>
<rule id="87102" level="10" frequency="6" timeframe="120">
<if_matched_sid>87101</if_matched_sid>
<rule id="87302" level="10" frequency="6" timeframe="120">
<if_matched_sid>87301</if_matched_sid>
<same_source_ip />
<description>ownCloud brute force (multiple failed logins).</description>
<group>authentication_failures,pci_dss_10.2.4,pci_dss_10.2.5,pci_dss_11.4,</group>
</rule>
<rule id="87103" level="6">
<if_sid>87100</if_sid>
<rule id="87303" level="6">
<if_sid>87300</if_sid>
<match>Passed filename is not valid, might be malicious </match>
<description>ownCloud possible malicious request.</description>
<group>web,appsec,attack,pci_dss_6.5,pci_dss_11.4,</group>
</rule>
<rule id="87104" level="8">
<if_sid>87100</if_sid>
<rule id="87304" level="8">
<if_sid>87300</if_sid>
<status>^4$</status>
<description>ownCloud FATAL message.</description>
</rule>
<rule id="87105" level="4">
<if_sid>87100</if_sid>
<rule id="87305" level="4">
<if_sid>87300</if_sid>
<status>^3$</status>
<description>ownCloud ERROR message.</description>
</rule>
<rule id="87106" level="3">
<if_sid>87100</if_sid>
<rule id="87306" level="3">
<if_sid>87300</if_sid>
<status>^2$</status>
<description>ownCloud WARN message.</description>
</rule>
<rule id="87107" level="0">
<if_sid>87100</if_sid>
<rule id="87307" level="0">
<if_sid>87300</if_sid>
<status>^1$</status>
<description>ownCloud INFO message.</description>
</rule>
<rule id="87108" level="0">
<if_sid>87100</if_sid>
<rule id="87308" level="0">
<if_sid>87300</if_sid>
<status>^0$</status>
<description>ownCloud DEBUG message.</description>
</rule>

0 comments on commit 929467c

Please sign in to comment.