Releases: wazuh/wazuh-ruleset

Wazuh Ruleset v3.12.1

08 Apr 17:12

Fixed

  • Fixed the Dropbear brute force rule entrypoint. (#589)

Wazuh Ruleset v3.12.0

24 Mar 10:18

Added

  • Extend the rules to detect shellshock attacks (by @iasdeoupxe). (#459)
  • Update Roundcube decoder to support versions greater than 1.4 (by @iasdeoupxe). (#537)
  • Added Junos rules and decoders (#581)

Fixed

  • Fix GPG requirement in Windows rules. (#562)
  • Improve Cisco decoders and fix Owlh rule's IDs conflict. (#570)
  • Fixed checkpoint decoders to read events with a different format. (#156)

Wazuh Ruleset v3.11.4

25 Feb 16:46
2b2746b

There are no changes for Wazuh Ruleset in this version.

Wazuh Ruleset v3.11.3

28 Jan 16:40
fc5bb70

There are no changes for Wazuh Ruleset in this version.

Wazuh Ruleset v3.11.2

17 Jan 06:43
66fd71e

Fixed

  • Fixed permissions of the VERSION file. (#545)

Wazuh Ruleset 3.11.1

04 Jan 10:46
6ab1822

There are no changes for Wazuh Ruleset in this version.

Wazuh Ruleset 3.11.0

23 Dec 16:06

Added

  • Add rules and decoders for McAfee EPO. (#467)
  • Add PCI-DSS mapping to vulnerability detector rules. (#525)
  • Add a new base rule for Microsoft Windows Firewall With Advanced Security/Firewalls. (#532)

Changed

  • Let osquery daemon messages appear in alerts as the full log. (#531)
  • Make double-point termination optional in the postfix decoder (by @iasdeoupxe). (#245)

Fixed

  • Fix typo in network checks for SCA Debian 8 and 9 policies. (#514)
  • Fix path in audit checks for SCA Debian 8 and 9 policies. (#527)
  • Fix last space in regular expression for SCA check about NTP. (#521)
  • Unify SCA regular expressions about installed packages by dpkg. (#522)

Wazuh Ruleset 3.10.2

23 Sep 17:31
f6ec676

There are no changes for Wazuh Ruleset in this version.

Wazuh Ruleset 3.10.1

19 Sep 20:13

There are no changes for Wazuh Ruleset in this version.

Wazuh Ruleset 3.10.0

16 Sep 09:10
f11e833

Added

  • Add rules for VIPRE antivirus. (#327)
  • Add decoders and rules for Panda-PAPS. (#437)
  • Add decoders and rules for CheckPoint Smart-1 firewalls. (#440)
  • Add Windows Software Restriction Policy rules. (#461)
  • Add perdition (imap/pop3 proxy) rules (by @gkissand). (#407)
  • Extend event detection for Windows Defender decoders (by @MarauderDueling). (#220)
  • Add support for NAXSI web application firewall (by @kravietz). (#354)
  • Improved postfix decoder (by @iasdeoupxe). (#410)
  • Add a rule to alert about changes in system time. (#239)
  • Add a rule to detect sudo actions from users other than root. (#149)
  • Add Cisco-ASA rules and decoders. (#425)
  • Add HIPAA compliance groups to the ruleset. (#400)
  • Add mapping for HIPAA and NIST_800_53 compliance to SCA policies. (#421)
  • SCA policies have been improved and refactored. (#406)
  • Add recon group to SSH rule (by @kravietz). (#323)
  • Add a rule to detect untrusted kernel modules being loaded (by @kravietz). (#323)
  • Add a rule for rndg failure (by @kravietz). (#323)
  • Add rules for RAID and disk failure (by @kravietz). (#323)
  • Add a rule for ZFS error message (by @kravietz). (#323)
  • Add a rule for systemd status=1/FAILURE (by @kravietz). (#323)

Fixed

  • Fix Sonicwall decoders. (#274)
  • Fix for Windows decoder. (#154)
  • Fix regex to detect rootkit trojans (by @erinish). (#144)
  • Fix rules about shellshock attack. (#458)