
Adapt rules to the new Windows registry monitoring #768

Merged (1 commit), Dec 15, 2020

Conversation

Molter73 (Contributor)

Description

This PR changes some of the existing syscheck rules and adds new ones in order to properly generate alerts according to the new registry scan feature.

Some of the changes introduced include:

  • Creation of groups syscheck_file and syscheck_registry to group alerts according to the type of element that triggered them.
  • Creation of groups syscheck_entry_deleted, syscheck_entry_added and syscheck_entry_modified to group alerts according to the type of event that triggered them.
  • Modified existing, unused registry rules to adapt them to the new registry events.
  • Created registry value specific rules.

@Molter73 Molter73 requested a review from bah07 October 23, 2020 12:30
@Molter73 Molter73 self-assigned this Oct 23, 2020
@jesusjimsa jesusjimsa added core/fim File Integrity Monitoring rules core/fim/registry File Integrity Monitoring registry rules rules Rules related issues windows labels Nov 25, 2020
@vikman90 vikman90 merged commit d2b8ed8 into master Dec 15, 2020
@vikman90 vikman90 deleted the 6230-analysisd-new-registry branch December 15, 2020 10:23

3 participants