Add Windows firewall rules #532

havidarou · 2019-11-23T01:22:41Z

Hello team,
this PR adds a new base rule for Microsoft-Windows-Windows Firewall With Advanced Security/Firewall channel.

It provides rules for eventIDs:

2003 settingType 1 value Yes: Windows Firewall With Advanced Security: Windows Defender Firewall enabled.
2003 settingType 1 value No: Windows Firewall With Advanced Security: Windows Defender Firewall disabled.
2004: A rule has been added to the Windows Defender Firewall exception list.
2005: A rule has been modified in the Windows Defender Firewall exception list.
2006: A rule has been deleted in the Windows Defender Firewall exception list.

It also provides rules for:

Regards,
Javier.

Adding Windows firewall rules

67a7022

havidarou added enhancement rules Rules related issues windows labels Nov 23, 2019

snaow added this to the Sprint 103 - Core milestone Nov 23, 2019

snaow self-requested a review November 23, 2019 12:01

snaow approved these changes Nov 23, 2019

View reviewed changes

snaow merged commit 6d85658 into 3.11 Nov 23, 2019

snaow deleted the 3.11-windows-firewall branch November 23, 2019 12:03

Provide feedback