Releases
v3.10.0
bah07 released this 16 Sep 09:10
Added
Add rules for VIPRE antivirus. (#327)
Add decoders and rules for Panda-PAPS. (#437)
Add decoders and rules for CheckPoint Smart-1 firewalls. (#440)
Add Windows Software Restriction Policy rules. (#461)
Add perdition (imap/pop3 proxy) rules (by @gkissand). (#407)
Extend event detection for Windows Defender decoders (by @MarauderDueling). (#220)
Add support for NAXSI web application firewall (by @kravietz). (#354)
Improved postfix decoder (by @iasdeoupxe). (#410)
Add a rule to alert about changes in system time. (#239)
Add a rule to detect sudo actions from users other than root. (#149)
Add Cisco-ASA rules and decoders. (#425)
Add HIPAA compliance groups to the ruleset. (#400)
Add mapping for HIPAA and NIST_800_53 compliance to SCA policies. (#421)
SCA policies have been improved and refactored. (#406)
Add recon group to SSH rule (by @kravietz). (#323)
Add a rule to detect untrusted kernel modules being loaded (by @kravietz). (#323)
Add a rule for rndg failure (by @kravietz). (#323)
Add rules for RAID and disk failure (by @kravietz). (#323)
Add a rule for ZFS error message (by @kravietz). (#323)
Add a rule for systemd status=1/FAILURE (by @kravietz). (#323)
Fixed
Fix Sonicwall decoders. (#274)
Fix for Windows decoder. (#154)
Fix regex to detect rootkit trojans (by @erinish). (#144)
Fix rules about shellshock attack. (#458)