Releases: wazuh/wazuh-ruleset
Wazuh Ruleset 3.2.2
Fixed
- Syntax error in cis_rhel7_linux_rcl.txt.
- OpenLDAP decoders to extract the IP address properly.
- Owncloud rules compatible with JSON logs.
- Postfix decoders and rules.
- Sendmail decoders to extract the IP address properly.
- False positives in SLES 11 rootchecks.
Removed
- Removed alert_by_email from rules 1002 and 9704.
Added
- OpenVAS decoders and rules.
- pfSense decoders.
- MySQL rules for Percona and McAfee.
- MariaDB decoders and rules.
- Added rootcheck file for apache 2.2/2.4 (by @Bob-Andrews).
- Rules to detect disconnected USB devices.
Wazuh Ruleset 3.2.1
Fixed
- Silence rules about OpenSCAP and CIS-CAT scan status.
- Added compatibility between versions for CIS-CAT rules.
- Sudo decoders extract commands with spaces.
Wazuh Ruleset 3.2.0
Added
- Added new rules for Vulnerability detector.
Removed
- Removed svchost.exe and inetsrv.exe processes checking outside SysNative due to false positive.
Fixed
- Fixed update_ruleset script.
Wazuh Ruleset 3.1.0
Added
- New rules for VULS integration.
- New rules for CIS-CAT integration.
v3.0.0
Added
- New features for "update_ruleset.py": custom URL and branch name
- New users added to list of known malicious user agents
- OwnCloud (Rules and decoders)
- Updated scap content from https://github.com/OpenSCAP/scap-security-guide
- Rules for VirusTotal integration
- Add GPG13 mappings to rules (gpg13.com)
Changed
- Removed "MJ12bot" from list of known malicious user agents
- SSH decoders
- OpenVPN decoders
- RoundCube (Rules and decoders)
v2.1.0
Added
- Decoders and rules for anti-flooding mechanism
Fixed
- Fixed Windows decoders to extract the proper fields
v2.1.1
v2.0.1
Added
- Rules/decoders:
  - Microsoft Windows Defender
  - Microsoft log related events
  - Microsoft SQL Server
  - Identity guard
  - Sysmon events 11 and 15
  - MongoDB
  - Docker
  - Jenkins
  - AWS S3
- Update_ruleset.py accepts a custom download URL
Changed
- web-accesslog_decoders.xml
- Amazon rules
- Rootcheck references
- Sysmon uses dynamic fields
- getawslog.py: Ignore digest files
- Fortigate decoders
- Apache decoders
Fixed
- Bug in update_ruleset.py
- Netstat command
- SSH rootchecks
[v2.0]
Added
- Rules/decoders:
  - OpenSCAP
  - Switch HP 5500
  - Chrome Remote Desktop
  - Fortigate
  - OpenVPN
  - ModSecurity for Nginx
  - Barracuda
  - OpenWRT
  - RSA Authentication Manager
  - Imperva
  - Sophos
  - FreeIPA
  - Cisco eStreamer
- Rootchecks:
  - CIS SLES 11 and 12
- SCAP content:
  - cve-debian-oval.xml
  - cve-redhat-6-ds.xml
  - cve-redhat-7-ds.xml
  - ssg-centos-6-ds.xml
  - ssg-centos-7-ds.xml
  - ssg-debian-8-ds.xml
  - ssg-fedora-ds.xml
  - ssg-rhel-6-ds.xml
  - ssg-rhel-7-ds.xml
  - ssg-ubuntu-1604-ds.xml
Changed
- ossec_ruleset.py renamed to update_ruleset.py with new features.
- New directory structure.
Fixed
- Improvements in several decoders/rules.
- RH7 rootchecks.
- Improved getawslog.py.
- IP version-independent regexes.
[v1.09]
Added
- Decoders and rules for Amazon
Changed
- Amazon directory structure.
- Minor changes:
  - Apache and Nginx rules.
  - RH7 rootchecks.