
Merge branch '3.7'

jesuslinares committed Oct 31, 2018
2 parents af57107 + 9a1a848 commit b9d53276c8cad2043d5372ff5de13f5e6f8f562f
Showing with 1,143 additions and 23 deletions.
  1. +6 −1 CHANGELOG.md
  2. +1 −1 VERSION
  3. +1 −1 decoders/0010-active-response_decoders.xml
  4. +1,121 −19 rules/0545-osquery_rules.xml
  5. +1 −1 rules/0560-docker_integration_rules.xml
  6. +13 −0 update_ruleset
@@ -5,12 +5,17 @@ All notable changes to this project will be documented in this file.
### Added
- osuqery: specific alerts for default packs. ([#196](https://github.com/wazuh/wazuh-ruleset/pull/196))
- osquery: specific alerts for default packs. ([#196](https://github.com/wazuh/wazuh-ruleset/pull/196))
- Azure integration: Decoders and rules. ([#189](https://github.com/wazuh/wazuh-ruleset/pull/189))
### Changed
- osquery: Rename alerts fields reference. ([#196](https://github.com/wazuh/wazuh-ruleset/pull/196))
- update_ruleset is not available in worker nodes. ([#225](https://github.com/wazuh/wazuh-ruleset/pull/225))
### Fixed
- Fixed active response decoder in order to match with different dates. ([#223](https://github.com/wazuh/wazuh-ruleset/pull/223))
### Removed
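Review bot: the `### Fixed` entry "Fixed active response decoder in order to match with different dates" does not say which date format is now accepted; the only decoder change in this commit inserts `\p*` ahead of the timezone `\w+` token in the first `<prematch>` alternative of `ar_log`, and `\p` in the OSSEC regex dialect matches a punctuation character, so the entry should state that punctuation such as a leading `+` or `-` before the timezone/offset field is now tolerated, letting readers tell whether their active-response log format was affected. The `### Removed` heading is also left with no entries below it; either drop it or add a "None" marker so the section does not read as truncated.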
@@ -1,2 +1,2 @@
RULESET_VERSION="v3.7.0"
REVISION="3700"
REVISION="3701"
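Review bot: bumping `REVISION` to 3701 while `RULESET_VERSION` stays at `v3.7.0` is consistent with a ruleset-only release, but the visible lines of the CHANGELOG.md hunk in this commit add their entries under existing `### Added`/`### Changed`/`### Fixed` headings with no heading that names revision 3701; confirm a heading for this revision exists above that hunk, otherwise the changelog cannot be correlated with this VERSION value.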
@@ -27,7 +27,7 @@ Wed 12/07/2016 16:48:15.37 "active-response/bin/route-null.cmd" delete "-" "192.
<decoder name="ar_log">
<prematch>^\w\w\w \w+\s+\d+ \d\d:\d\d:\d\d \w+ \d+ /\S+/active-response/bin/|^\w\w\w \d\d/\d\d/\d\d\d\d \.+"active-response/bin/|^\d\d/\d\d/\d\d\d\d \.+"active-response/bin/</prematch>
<prematch>^\w\w\w \w+\s+\d+ \d\d:\d\d:\d\d \p*\w+ \d+ /\S+/active-response/bin/|^\w\w\w \d\d/\d\d/\d\d\d\d \.+"active-response/bin/|^\d\d/\d\d/\d\d\d\d \.+"active-response/bin/</prematch>
</decoder>
<decoder name="ar_log_fields">
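Review bot: the `ar_log` change adds `\p*` before the timezone `\w+` in the first `<prematch>` alternative only, and the hunk header shows this file documents sample log lines in a comment block (the `Wed 12/07/2016 16:48:15.37 "active-response/bin/route-null.cmd" ...` line); add a sample line for the newly accepted form to that same block so the reason for `\p*` is recorded and the decoder can be regression-tested against it. Note also that `\p*` accepts any run of punctuation characters, not just a sign; if a signed numeric offset is the intended case, a narrower pattern would stop the prematch from accepting unrelated punctuation in that position.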