Wazuh Ruleset 3.10.0

@bah07 bah07 released this 16 Sep 09:10
· 611 commits to master since this release
f11e833

Added

  • Add rules for VIPRE antivirus. (#327)
  • Add decoders and rules for Panda-PAPS. (#437)
  • Add decoders and rules for CheckPoint Smart-1 firewalls. (#440)
  • Add Windows Software Restriction Policy rules. (#461)
  • Add Perdition (IMAP/POP3 proxy) rules (by @gkissand). (#407)
  • Extend event detection for Windows Defender decoders (by @MarauderDueling). (#220)
  • Add support for NAXSI web application firewall (by @kravietz). (#354)
  • Improve Postfix decoder (by @iasdeoupxe). (#410)
  • Add a rule to alert about changes in system time. (#239)
  • Add a rule to detect sudo actions from users other than root. (#149)
  • Add Cisco-ASA rules and decoders. (#425)
  • Add HIPAA compliance groups to the ruleset. (#400)
  • Add mapping for HIPAA and NIST_800_53 compliance to SCA policies. (#421)
  • SCA policies have been improved and refactored. (#406)
  • Add recon group to SSH rule (by @kravietz). (#323)
  • Add a rule to detect untrusted kernel modules being loaded (by @kravietz). (#323)
  • Add a rule for rngd failure (by @kravietz). (#323)
  • Add rules for RAID and disk failure (by @kravietz). (#323)
  • Add a rule for ZFS error message (by @kravietz). (#323)
  • Add a rule for systemd status=1/FAILURE (by @kravietz). (#323)

Fixed

  • Fix Sonicwall decoders. (#274)
  • Fix Windows decoder. (#154)
  • Fix regex to detect rootkit trojans (by @erinish). (#144)
  • Fix rules for the Shellshock attack. (#458)