Fix for Securityd rules
ooniagbi committed Apr 12, 2023
1 parent babf4df commit fd022e7
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions ruleset/rules/0960-macos_rules.xml
@@ -81,15 +81,15 @@
</rule>

<rule id="89608" level="3">
<decoded_as>macOS_securityd_process</decoded_as>
<match type="pcre2">(?i)session.+created</match>
<decoded_as>macOS_securityd</decoded_as>
<match type="pcre2">(?i)session.+created, uid:(\d+)</match>
<description>Session $(sessionId) has been created.</description>
<group>pci_dss_10.6.1,gdpr_IV_35.7.d,hipaa_164.312.b,nist_800_53_AU.6,tsc_CC7.2,tsc_CC7.3,</group>
</rule>

<rule id="89609" level="3">
<decoded_as>macOS_securityd_process</decoded_as>
<match type="pcre2">(?i)session.+destroyed</match>
<decoded_as>macOS_securityd</decoded_as>
<match type="pcre2">(?i)\[com\.apple\.securityd:SecServer\].\S+ session.+destroyed</match>
<description>Session $(sessionId) has been destroyed.</description>
<group>pci_dss_10.6.1,gdpr_IV_35.7.d,hipaa_164.312.b,nist_800_53_AU.6,tsc_CC7.2,tsc_CC7.3,</group>
</rule>
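Review bot: The two rewritten matches are scoped inconsistently. Assuming the second line of each pair is the new side (the +/- markers are lost on this page), rule 89609 is pinned to the `[com.apple.securityd:SecServer]` prefix, while rule 89608 is only `(?i)session.+created, uid:(\d+)` and can fire on any event decoded as `macOS_securityd` that contains those words. If the creation message carries the same prefix, anchor it the same way, e.g. `(?i)\[com\.apple\.securityd:SecServer\].\S+ session.+created, uid:\d+`. The capture group around `\d+` appears to do nothing, since `<match>` only tests the event and fields are populated by the decoder, so the parentheses can go. Both descriptions still interpolate `$(sessionId)`; the decoder is outside this hunk, so confirm that `macOS_securityd` extracts that field, otherwise the alerts lose the session identifier an analyst needs to pair a create with its destroy.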