Wazuh Ruleset 3.5.0

@vikman90 released this 29 Aug 19:26 · 53c59a5

Added

  • Rules for the new osquery integration.
  • Rule to ignore syscollector events.
  • CIS-CAT rules improved.
  • Rules and decoders for the new Kaspersky integration.
  • CIS rootchecks for Windows 2012 R2 (by @Bob-Andrews).
  • Extract port name for Sysmon event 3. (#127)
  • Improve Shellshock detection. (#115)

Changed

  • Decreased agent upgrade failure rules level.

Fixed

  • Windows rules: Fix SID syntax for group membership changes. (#125)
  • Windows decoders: Match "Subject :" format. (#128)