Fixed duplicated IDs in wazuh-ruleset
BraulioV committed Oct 31, 2017
1 parent ebfe35c commit 929467c
Showing 1 changed file with 18 additions and 18 deletions.
36 changes: 18 additions & 18 deletions rules/0490-owncloud_rules.xml → rules/0500-owncloud_rules.xml
Expand Up @@ -3,60 +3,60 @@
- This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2. - This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2.
--> -->


<!-- ID: 87100 - 87200 --> <!-- ID: 87300 - 87400 -->
<group name="syslog,owncloud,"> <group name="syslog,owncloud,">
<rule id="87100" level="0"> <rule id="87300" level="0">
<decoded_as>owncloud</decoded_as> <decoded_as>owncloud</decoded_as>
<description>ownCloud messages grouped.</description> <description>ownCloud messages grouped.</description>
</rule> </rule>


<rule id="87101" level="6"> <rule id="87301" level="6">
<if_sid>87100</if_sid> <if_sid>87300</if_sid>
<match>Login failed: </match> <match>Login failed: </match>
<description>ownCloud authentication failed.</description> <description>ownCloud authentication failed.</description>
<group>authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,</group> <group>authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,</group>
</rule> </rule>


<rule id="87102" level="10" frequency="6" timeframe="120"> <rule id="87302" level="10" frequency="6" timeframe="120">
<if_matched_sid>87101</if_matched_sid> <if_matched_sid>87301</if_matched_sid>
<same_source_ip /> <same_source_ip />
<description>ownCloud brute force (multiple failed logins).</description> <description>ownCloud brute force (multiple failed logins).</description>
<group>authentication_failures,pci_dss_10.2.4,pci_dss_10.2.5,pci_dss_11.4,</group> <group>authentication_failures,pci_dss_10.2.4,pci_dss_10.2.5,pci_dss_11.4,</group>
</rule> </rule>


<rule id="87103" level="6"> <rule id="87303" level="6">
<if_sid>87100</if_sid> <if_sid>87300</if_sid>
<match>Passed filename is not valid, might be malicious </match> <match>Passed filename is not valid, might be malicious </match>
<description>ownCloud possible malicious request.</description> <description>ownCloud possible malicious request.</description>
<group>web,appsec,attack,pci_dss_6.5,pci_dss_11.4,</group> <group>web,appsec,attack,pci_dss_6.5,pci_dss_11.4,</group>
</rule> </rule>


<rule id="87104" level="8"> <rule id="87304" level="8">
<if_sid>87100</if_sid> <if_sid>87300</if_sid>
<status>^4$</status> <status>^4$</status>
<description>ownCloud FATAL message.</description> <description>ownCloud FATAL message.</description>
</rule> </rule>


<rule id="87105" level="4"> <rule id="87305" level="4">
<if_sid>87100</if_sid> <if_sid>87300</if_sid>
<status>^3$</status> <status>^3$</status>
<description>ownCloud ERROR message.</description> <description>ownCloud ERROR message.</description>
</rule> </rule>


<rule id="87106" level="3"> <rule id="87306" level="3">
<if_sid>87100</if_sid> <if_sid>87300</if_sid>
<status>^2$</status> <status>^2$</status>
<description>ownCloud WARN message.</description> <description>ownCloud WARN message.</description>
</rule> </rule>


<rule id="87107" level="0"> <rule id="87307" level="0">
<if_sid>87100</if_sid> <if_sid>87300</if_sid>
<status>^1$</status> <status>^1$</status>
<description>ownCloud INFO message.</description> <description>ownCloud INFO message.</description>
</rule> </rule>


<rule id="87108" level="0"> <rule id="87308" level="0">
<if_sid>87100</if_sid> <if_sid>87300</if_sid>
<status>^0$</status> <status>^0$</status>
<description>ownCloud DEBUG message.</description> <description>ownCloud DEBUG message.</description>
</rule> </rule>
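Review bot: Renumbering these rules from 87100–87108 to 87300–87308 (assuming the 873xx column is the new side) silently breaks anything that refers to them by number, and nothing in the file records the change. Local child or override rules using `<if_sid>87101</if_sid>`, active-response `rules_id` lists and alert filters keyed on 87102 would stop firing for ownCloud failed-login and brute-force events after an upgrade, with no error to signal it. I would add a comment under the range header, for example `<!-- Renumbered from 87100-87108 to resolve duplicate IDs; update local rules and active responses that reference the old IDs -->`, and mention the change in the release notes. The header `<!-- ID: 87300 - 87400 -->` also reads as an inclusive upper bound; if ranges are meant not to overlap, `87300 - 87399` avoids repeating the collision this commit fixes. The enclosing `<group>` continues past the end of the hunk.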