Skip to content

Commit

Permalink
Merge pull request #272 from wazuh/revert-259-fix-disc-alert
Browse files Browse the repository at this point in the history 
Revert "Update 0015-ossec_rules.xml"
  • Loading branch information
@albertomn86
albertomn86 authored Jan 24, 2019
2 parents ed3ea9a + 4196f65 commit ef31890
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions rules/0015-ossec_rules.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,47 +11,47 @@
<rule id="500" level="0">
<category>ossec</category>
<decoded_as>ossec</decoded_as>
<description>Grouping of Wazuh rules.</description>
<description>Grouping of ossec rules.</description>
</rule>

<rule id="501" level="3">
<if_sid>500</if_sid>
<if_fts />
<options>alert_by_email</options>
<match>Agent started</match>
<description>New Wazuh agent connected.</description>
<description>New ossec agent connected.</description>
<group>pci_dss_10.6.1,gpg13_10.1,gdpr_IV_35.7.d,</group>
</rule>

<rule id="502" level="3">
<if_sid>500</if_sid>
<options>alert_by_email</options>
<match>Ossec started</match>
<description>Wazuh server started.</description>
<description>Ossec server started.</description>
<group>pci_dss_10.6.1,gpg13_10.1,gdpr_IV_35.7.d,</group>
</rule>

<rule id="503" level="3">
<if_sid>500</if_sid>
<options>alert_by_email</options>
<match>Agent started</match>
<description>Wazuh agent started.</description>
<description>Ossec agent started.</description>
<group>pci_dss_10.6.1,pci_dss_10.2.6,gpg13_10.1,gdpr_IV_35.7.d,</group>
</rule>

<rule id="504" level="3">
<if_sid>500</if_sid>
<options>alert_by_email</options>
<match>Agent disconnected</match>
<description>Wazuh agent disconnected.</description>
<description>Ossec agent disconnected.</description>
<group>pci_dss_10.6.1,pci_dss_10.2.6,gpg13_10.1,gdpr_IV_35.7.d,</group>
</rule>

<rule id="505" level="3">
<if_sid>500</if_sid>
<options>alert_by_email</options>
<match>Agent removed</match>
<description>Wazuh agent removed.</description>
<description>Ossec agent removed.</description>
<group>pci_dss_10.6.1,pci_dss_10.2.6,gpg13_10.1,gdpr_IV_35.7.d,</group>
</rule>

Expand Down Expand Up @@ -151,7 +151,7 @@
<rule id="530" level="0">
<if_sid>500</if_sid>
<match>^ossec: output: </match>
<description>Wazuh process monitoring rules.</description>
<description>OSSEC process monitoring rules.</description>
<group>process_monitor,</group>
</rule>

Expand Down

0 comments on commit ef31890

Please sign in to comment.