Skip to content

Releases: wazuh/wazuh-ruleset

Wazuh Ruleset 3.2.2

07 May 16:31
Compare
Choose a tag to compare

Fixed

  • Syntax error in cis_rhel7_linux_rcl.txt.
  • OpenLDAP decoders to extract the IP address properly.
  • Owncloud rules compatible with JSON logs.
  • Postfix decoders and rules.
  • Sendmail decoders to extract the IP address properly.
  • False positives in SLES 11 rootchecks.

Removed

  • Removed alert_by_email for rule 1002 and 9704.

Added

  • OpenVAS decoders and rules.
  • Pfsense decoders.
  • Mysql rules for Percona and Mcafee.
  • MariaDB decoders and rules.
  • Added rootcheck file for apache 2.2/2.4 (by @Bob-Andrews).
  • Rules to detect USB devices disconnected.

Wazuh Ruleset 3.2.1

03 Mar 01:35
935e108
Compare
Choose a tag to compare

Fixed

  • Silence rules about OpenSCAP and CIS-CAT scan status.
  • Add compatibility between versions for CIS-CAT rules.
  • Sudo decoders extract commands with spaces.

Wazuh Ruleset 3.2.0

08 Feb 19:39
aa1ab25
Compare
Choose a tag to compare

Added

  • Added new rules for Vulnerability detector.

Removed

  • Removed svchost.exe and inetsrv.exe processes checking outside SysNative due to false positive.

Fixed

  • Fixed update_ruleset script.

Wazuh Ruleset 3.1.0

22 Dec 03:39
Compare
Choose a tag to compare

Added

  • New rules for VULS integration.
  • New rules for CIS-CAT integration.

v3.0.0

02 Dec 00:39
240b5f2
Compare
Choose a tag to compare

Added

  • New features for "update_ruleset.py": custom URL and branch name
  • New users added to list of known malicious user agents
  • OwnCloud (Rules and decoders)
  • Updated scap content from https://github.com/OpenSCAP/scap-security-guide
  • Rules for VirusTotal integration
  • Add GPG13 mappings to rules (gpg13.com)

Changed

  • Removed "MJ12bot" from list of known malicious user agents
  • SSH decoders
  • OpenVPN decoders
  • RoundCube (Rules and decoders)

v2.1.0

17 Aug 16:46
Compare
Choose a tag to compare

Added

  • Decoders and rules for anti-flooding mechanism

Fixed

  • Fixed Windows decoders to extract the proper fields

v2.1.1

25 Sep 14:34
Compare
Choose a tag to compare
Change agent event queue status field for level, and rule description

v2.0.1

24 Jul 21:14
Compare
Choose a tag to compare

Added

  • Rules/decoders:
    • Microsoft Windows Defender
    • Microsoft log related events
    • Microsoft SQL Server
    • Identity guard
    • Sysmon events 11 and 15
    • MongoDB
    • Docker
    • Jenkins
    • AWS S3
  • Update_ruleset.py accepts a custom download URL

Changed

  • web-accesslog_decoders.xml
  • Amazon rules
  • Rootcheck references
  • Sysmon uses dynamic fields
  • getawslog.py: Ignore digest files
  • Fortigate decoders
  • Apache decoders

Fixed

  • Bug in update_ruleset.py
  • Netstat command
  • SSH rootchecks

[v2.0]

24 Apr 10:04
Compare
Choose a tag to compare

[v2.0]

Added

  • Rules/decoders:
  • OpenSCAP
  • Switch HP 5500
  • Chrome Remote Desktop
  • Fortigate
  • OpenVPN
  • ModSecurity for Nginx
  • Barracuda
  • OpenWRT
  • RSA Authentication Manager
  • Imperva
  • Sophos
  • FreeIPA
  • Cisco eStreamer
  • Rootchecks:
  • CIS SLES 11 and 12
  • SCAP content
  • cve-debian-oval.xml
  • cve-redhat-6-ds.xml
  • cve-redhat-7-ds.xml
  • ssg-centos-6-ds.xml
  • ssg-centos-7-ds.xml
  • ssg-debian-8-ds.xml
  • ssg-fedora-ds.xml
  • ssg-rhel-6-ds.xml
  • ssg-rhel-7-ds.xml
  • ssg-ubuntu-1604-ds.xml

Changed

  • ossec_ruleset.py renamed to update_ruleset.py with new features.
  • New directory structure.

Fixed

  • Improvements in several decoders/rules.
  • RH7 rootchecks.
  • Improved getgetawslog.py.
  • IP version-independent regexs.

[v1.09]

12 May 12:10
Compare
Choose a tag to compare

Added

  • Decoders and rules for Amazon

Changed

  • Amazon directory structure.
  • Minor changes:
    • Apache and Nginx rules.
    • RH7 rootchecks.