[Rebase] Ruleset General Rebase PR #570

Merged: 20 commits, Mar 13, 2020

@joselopezrio joselopezrio commented Mar 11, 2020

Hello team,
this PR is a collection of rebased old PRs to point them to the 3.12 branch.
There is also a duplicated ID conflict in the 0650-owlh-zeek_rules.xml file. This PR solves that too.

List of changes

  • Rebase Improve Cisco Decoders (by @Lopuiz). (#570)
  • Fixed Owlh rule's IDs conflict (by @SergioPA). (#570)
  • Fixed checkpoint decoders to read events with a different format (by @SitoRBJ). (#156)

With all the changes applied, there are no conflicts in the runtext.py execution:

- [ File = ./tests/SonicWall.ini ] ---------
........
- [ File = ./tests/apache.ini ] ---------
............
- [ File = ./tests/apparmor.ini ] ---------
.....
- [ File = ./tests/checkpoint_smart1.ini ] ---------
..................
- [ File = ./tests/cimserver.ini ] ---------
..
- [ File = ./tests/cisco_asa.ini ] ---------
.......................................................................................
- [ File = ./tests/cisco_ios.ini ] ---------
.....
- [ File = ./tests/cpanel.ini ] ---------
.......
- [ File = ./tests/doas.ini ] ---------
....
- [ File = ./tests/dovecot.ini ] ---------
...............
- [ File = ./tests/exim.ini ] ---------
.....
- [ File = ./tests/features.ini ] ---------
....
- [ File = ./tests/firewalld.ini ] ---------
..
- [ File = ./tests/mailscanner.ini ] ---------
.
- [ File = ./tests/mcafee_epo.ini ] ---------
.
- [ File = ./tests/modsecurity.ini ] ---------
......
- [ File = ./tests/named.ini ] ---------
.....
- [ File = ./tests/netscreen.ini ] ---------
....
- [ File = ./tests/nextcloud.ini ] ---------
.......
- [ File = ./tests/nginx.ini ] ---------
............
- [ File = ./tests/opensmtpd.ini ] ---------
.......
- [ File = ./tests/oscap.ini ] ---------
................................
- [ File = ./tests/ossec.ini ] ---------
.....
- [ File = ./tests/owlh.ini ] ---------
....
- [ File = ./tests/pam.ini ] ---------
.....
- [ File = ./tests/panda_paps.ini ] ---------
........
- [ File = ./tests/postfix.ini ] ---------
..
- [ File = ./tests/proftpd.ini ] ---------
.......
- [ File = ./tests/rsh.ini ] ---------
..
- [ File = ./tests/samba.ini ] ---------
....
- [ File = ./tests/sshd.ini ] ---------
...........................
- [ File = ./tests/su.ini ] ---------
.....
- [ File = ./tests/sudo.ini ] ---------
........
- [ File = ./tests/syslog.ini ] ---------
.....
- [ File = ./tests/sysmon.ini ] ---------
...
- [ File = ./tests/systemd.ini ] ---------
..
- [ File = ./tests/unbound.ini ] ---------

- [ File = ./tests/vsftpd.ini ] ---------
....
- [ File = ./tests/web_appsec.ini ] ---------
...............................
- [ File = ./tests/web_rules.ini ] ---------
.....

Regards,
Jose Manuel Lopez

@joselopezrio joselopezrio added the enhancement and decoders (Decoders related issues) labels Mar 11, 2020
@sergiospa sergiospa changed the title [Rebase] Improve Cisco Decoders [Rebase] Ruleset big PR Mar 11, 2020
@joselopezrio joselopezrio changed the title [Rebase] Ruleset big PR [Rebase] Ruleset General Rebase PR Mar 12, 2020
@MiguelCasaresRobles MiguelCasaresRobles merged commit 5cdfaf1 into 3.12 Mar 13, 2020
@MiguelCasaresRobles MiguelCasaresRobles deleted the Rebase-Improve-Cisco-Decoders branch March 13, 2020 15:45