Releases: wazuh/wazuh-ruleset
Releases · wazuh/wazuh-ruleset
Wazuh Ruleset 3.7.1
Added
- New Vulnerability detector rules to warn about version comparison issues. (#237)
Wazuh Ruleset 3.7.0
Added
Changed
- osquery: Rename alerts fields reference. (#196)
- update_ruleset is not available in worker nodes. (#225)
- Update composite rules to match only same_source_ip events. (#161)
Fixed
- Fixed active response decoder in order to match with different dates. (#223)
Removed
- Removed deprecated rules for Syscheck.
Wazuh Ruleset 3.6.1
Wazuh Ruleset 3.6.0
Wazuh Ruleset 3.5.0
Added
- Rules for the new osquery integration.
- Rule to ignore syscollector events.
- CIS-CAT rules improved.
- Rules and decoders for the new Kaspersky integration.
- CIS rootchecks for Windows 2012 R2 (by @Bob-Andrews).
- Extract port name for Sysmon event 3. (#127)
- Improve Shellshock detection. (#115)
Changed
- Decreased agent upgrade failure rules level.
Fixed
Wazuh Ruleset 3.4.0
Added
- Decoder for syscheck integration with audit.
Changed
- Removed offset of the
frequencyattribute in rules. (#145)
Wazuh Ruleset 3.3.1
Added
- Rule to detect when agents are unable to unmerge shared files. (#143)
Wazuh Ruleset 3.3.0
There are no changes for Wazuh Ruleset in this version.
Wazuh Ruleset 3.2.4
There are no changes for Wazuh Ruleset in this version.
Wazuh Ruleset 3.2.3
Added
- GDPR (General Data Protection Regulation) mapping.
- Improve GeoIP and composite rule support for AWS events.
- Pfsense rules.
Fixed
- Error handling in update ruleset script using python3.