Add tags for FIM directories and registries #1096
Conversation
A file like this would break the tag chain: my file<!other tag,
CHANGELOG.md
Outdated
@@ -1,6 +1,12 @@ | |||
# Change Log | |||
All notable changes to this project will be documented in this file. | |||
|
|||
## [v3.5.1] |
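Review bot: the section heading `## [v3.5.1]` in this hunk should name the release the new `tags` attribute actually ships in; the review comment below asks for 3.6.0, so the heading (and whatever entry lines sit under it in the +1,12 range) needs to be updated to match before merge.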
Change version to 3.6.0
src/analysisd/decoders/syscheck.c
Outdated
|
||
/* Every syscheck message must be in the following format: | ||
* checksum filename | ||
* checksum filename<!optional_tag> |
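Review bot: the documented layout `checksum filename<!optional_tag>` makes the message ambiguous, because the filename is the one variable-length field the monitored host controls and the decoder has to scan it for the `<!` delimiter; a file whose name itself contains `<!` (the `my file<!other tag` case raised above) is split in the wrong place whether the decoder searches from the left or from the right, and a name ending in `<!...>` is mis-read as a tag even when no tag was configured. Placing the tag field directly after the checksum, whose structure is fixed and contains no delimiter characters, and taking the remainder of the message verbatim as the filename removes the ambiguity; the comment block should then document the new layout and state which characters a configured tag may not contain.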
We should put the tags after the checksum.
…file name and tag start
7f615c3 to 360ebf9
This PR adds a new attribute called `tags` for monitored directories and registries as follows: These tags are separated by commas, and they are included in the alert fields:
Plain alert
JSON alert
It is necessary to include the new attribute in the Syscheck reference before merging this PR.
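To make the parsing problem discussed in the review concrete (a filename containing the `<!` delimiter, and the proposal to move the tag field next to the checksum), here is an added example in C. It is not Wazuh's decoder code: `parse_tag_after_filename` follows the `checksum filename<!tags>` layout shown in the `syscheck.c` comment above, while `parse_tag_after_checksum` implements a hypothetical `checksum<!tags> filename` layout chosen here to illustrate the reviewer's suggestion. The assumptions that the checksum contains neither a space nor `<`, that configured tags are rejected if they contain `>` or `,`, and the `tag_is_valid` helper are all this example's own, not the project's.

```c
/* Added example, not Wazuh code: two ways to lay out the syscheck message and
 * how a hostile filename affects each. Tags are comma-separated, as in the PR. */
#include <stdio.h>
#include <string.h>

#define MAX_TAGS 16
#define FIELD_MAX 1024

typedef struct {
    char checksum[FIELD_MAX];
    char filename[FIELD_MAX];
    char tagbuf[FIELD_MAX];   /* backing storage that tags[] points into */
    char *tags[MAX_TAGS];
    int ntags;
} fim_event;

/* Copy [start, end) into dst; -1 if it does not fit (no truncation). */
static int copy_field(char *dst, size_t cap, const char *start, const char *end) {
    size_t len = (size_t)(end - start);
    if (len >= cap) return -1;
    memcpy(dst, start, len);
    dst[len] = '\0';
    return 0;
}

/* Split the comma-separated tag list [start, end) in place into ev->tags. */
static int split_tags(fim_event *ev, const char *start, const char *end) {
    if (copy_field(ev->tagbuf, sizeof ev->tagbuf, start, end) < 0) return -1;
    ev->ntags = 0;
    if (ev->tagbuf[0] == '\0') return 0;          /* "<!>" : empty tag list */
    char *t = ev->tagbuf;
    for (;;) {
        if (ev->ntags == MAX_TAGS) return -1;
        ev->tags[ev->ntags++] = t;
        char *comma = strchr(t, ',');
        if (!comma) return 0;
        *comma = '\0';
        t = comma + 1;
    }
}

/* Layout from the hunk: "checksum filename<!tags>". The filename is the untrusted,
 * variable-length field, so searching it for "<!" is ambiguous: a file literally
 * named "my file<!other tag>" parses as filename "my file" plus a bogus tag. */
int parse_tag_after_filename(const char *msg, fim_event *ev) {
    memset(ev, 0, sizeof *ev);
    const char *sp = strchr(msg, ' ');
    if (!sp || sp == msg) return -1;
    if (copy_field(ev->checksum, sizeof ev->checksum, msg, sp) < 0) return -1;
    const char *name = sp + 1;
    const char *open = strstr(name, "<!");
    if (!open) return copy_field(ev->filename, sizeof ev->filename, name, name + strlen(name));
    const char *close = strchr(open, '>');
    if (!close) return -1;
    if (copy_field(ev->filename, sizeof ev->filename, name, open) < 0) return -1;
    return split_tags(ev, open + 2, close);
}

/* Hypothetical layout (this example's assumption): "checksum<!tags> filename",
 * and the pre-PR "checksum filename" when no tags are set. Relies on the checksum
 * containing neither ' ' nor '<' and on tags being validated with tag_is_valid()
 * at configuration load. Everything after the tag field is the filename, verbatim,
 * so no byte chosen by the monitored host can move a field boundary. */
int parse_tag_after_checksum(const char *msg, fim_event *ev) {
    memset(ev, 0, sizeof *ev);
    size_t clen = strcspn(msg, " <");
    if (clen == 0) return -1;
    if (copy_field(ev->checksum, sizeof ev->checksum, msg, msg + clen) < 0) return -1;
    const char *p = msg + clen;
    if (p[0] == '<' && p[1] == '!') {
        const char *close = strchr(p + 2, '>');
        if (!close || close[1] != ' ') return -1;
        if (split_tags(ev, p + 2, close) < 0) return -1;
        p = close + 1;
    }
    if (*p != ' ') return -1;
    return copy_field(ev->filename, sizeof ev->filename, p + 1, p + 1 + strlen(p + 1));
}

/* Configuration-time check for the hypothetical layout: a tag is admin-supplied,
 * so rejecting the field terminator '>' and the list separator ',' there is enough. */
int tag_is_valid(const char *tag) {
    return *tag != '\0' && strpbrk(tag, ">,") == NULL;
}
```

Running both parsers over the same message `abc123 /tmp/my file<!other tag>` (a constructed example of a file with no configured tags whose name contains the delimiter) shows the difference: the first parser reports filename `/tmp/my file` with one tag, while the second returns the full name and zero tags. The security point is which side controls each field: the filename comes from the monitored filesystem, so the format must never require the decoder to find a delimiter inside it, whereas the tag list comes from the manager's configuration and can be constrained when it is loaded.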