Cosmetic syntactic and housekeeping fixes #278
base: master
AFAICS, ossec/wazuh configuration files are not XML, I would say they are "XML-like". Specifically:
This is also why the regex engine treats |
@candlerb They aren't well-formed XML, but with a little cheating they can be processed using an XML parser. The cheating involves e.g. temporarily wrapping each |
Sure, although your preprocessor would have to convert |
Hello @kravietz, First of all, thank you for your contribution to the Ruleset repository. And I am sorry for such a late answer. Kind regards, Eva
@Lopuiz There is an important change in the |
All right, forgive the misunderstanding. Regards, Eva
Hi @Lopuiz any luck with these? This is a small but important fix that will cause no problems.
Hi!
We will add these modifications in version 3.11 of Wazuh Ruleset
Regards,
Eva
Hi @kravietz, Sorry for the delay in the revisions and response, and thank you for the contribution. It is really appreciated. I can see you added new rules for syslog events. However, you mentioned it neither in the title nor in the description. I am also missing sample events that match the new rules. They would be very useful to create unit tests for new rules. They are a requirement to add new rules to the repository. Here you can see some examples: https://github.com/wazuh/wazuh-ruleset/tree/master/tools/rules-testing/tests Finally, the pull request has conflicts for the syslog rules file, probably due to other changes that have been added to the file. Can you rebase the 3.12 branch to solve them? Again, many thanks for the contribution; we hope the changes are merged soon. Best regards,
Clean up rule files