Silence 100% of use in snap disks

wazuh · Sep 4, 2018 · 35cd825 · 35cd825
1 parent f10198e
commit 35cd825
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/rules/0015-ossec_rules.xml b/rules/0015-ossec_rules.xml
@@ -183,6 +183,13 @@
     <description>List of the last logged in users.</description>
   </rule>
 
+  <rule id="536" level="0">
+    <if_sid>531</if_sid>
+      <regex>'df -P':\s+/dev/loop\d+\s+\d+\s+\d+\s+0\s+100%\s+/snap/\w+/\d+</regex>
+      <description>Ignore snap disks because are always 100% of capacity</description>
+  </rule>
+
+
   <rule id="550" level="7">
     <category>ossec</category>
     <decoded_as>syscheck_integrity_changed</decoded_as>