Skip to content

Releases: wazuh/wazuh-ruleset

Wazuh Ruleset v3.12.1

08 Apr 17:12
@bah07 bah07
v3.12.1
11cb44d
Compare
Choose a tag to compare
Wazuh Ruleset v3.12.1

Fixed

  • Fixed the Dropbear brute force rule entrypoint. (#589)
Assets 2
Loading

Wazuh Ruleset v3.12.0

24 Mar 10:18
@bah07 bah07
v3.12.0
f19015b
Compare
Choose a tag to compare
Wazuh Ruleset v3.12.0

Added

  • Extend the rules to detect shellshock attacks (by @iasdeoupxe). (#459)
  • Update Roundcube decoder to support versions greater than 1.4 (by @iasdeoupxe). (#537)
  • Added Junos rules and decoders (#581)

Fixed

  • Fix GPG requirement in Windows rules. (#562)
  • Improve Cisco decoders and fix Owlh rule's IDs conflict. (#570)
  • Fixed checkpoint decoders to read events with a different format. (#156)
Assets 2
Loading

Wazuh Ruleset v3.11.4

25 Feb 16:46
@vikman90 vikman90
v3.11.4
2b2746b
This commit was signed with the committer’s verified signature. The key has expired.
vikman90 Victor M. Fernandez-Castro
GPG key ID: 1468313D31B5FCA8
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Wazuh Ruleset v3.11.4

There are no changes for Wazuh Ruleset in this version.

Assets 2
Loading

Wazuh Ruleset v3.11.3

28 Jan 16:40
@vikman90 vikman90
v3.11.3
fc5bb70
This commit was signed with the committer’s verified signature. The key has expired.
vikman90 Victor M. Fernandez-Castro
GPG key ID: 1468313D31B5FCA8
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Wazuh Ruleset v3.11.3

There are no changes for Wazuh Ruleset in this version.

Assets 2
Loading

Wazuh Ruleset v3.11.2

17 Jan 06:43
@vikman90 vikman90
v3.11.2
66fd71e
This commit was signed with the committer’s verified signature. The key has expired.
vikman90 Victor M. Fernandez-Castro
GPG key ID: 1468313D31B5FCA8
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Wazuh Ruleset v3.11.2

Fixed

  • Fixed permissions of the VERSION file. (#545)
Assets 2
Loading

Wazuh Ruleset 3.11.1

04 Jan 10:46
@vikman90 vikman90
v3.11.1
6ab1822
This commit was signed with the committer’s verified signature. The key has expired.
vikman90 Victor M. Fernandez-Castro
GPG key ID: 1468313D31B5FCA8
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Wazuh Ruleset 3.11.1

There are no changes for Wazuh Ruleset in this version.

Assets 2
Loading

Wazuh Ruleset 3.11.0

23 Dec 16:06
@vikman90 vikman90
v3.11.0
f3cfd0b
Compare
Choose a tag to compare
Wazuh Ruleset 3.11.0

Added

  • Add rules and decoders for McAfee EPO. (#467)
  • Add PCI-DSS mapping to vulnerability detector rules. (#525)
  • Add a new base rule for Microsoft Windows Firewall With Advanced Security/Firewalls. (#532)

Changed

  • Let osquery daemon messages appear in alerts as the full log. (#531)
  • Make double-point termination optional in the postfix decoder (by @iasdeoupxe). (#245)

Fixed

  • Fix typo in network checks for SCA Debian 8 and 9 policies. (#514)
  • Fix path in audit checks for SCA Debian 8 and 9 policies. (#527)
  • Fix last space in regular expression for SCA check about NTP. (#521)
  • Unify SCA regular expressions about installed packages by dpkg. (#522)
Assets 2
Loading

Wazuh Ruleset 3.10.2

23 Sep 17:31
@chemamartinez chemamartinez
v3.10.2
f6ec676
This commit was signed with the committer’s verified signature. The key has expired.
vikman90 Victor M. Fernandez-Castro
GPG key ID: 1468313D31B5FCA8
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Wazuh Ruleset 3.10.2

There are no changes for Wazuh Ruleset in this version.

Assets 2
Loading

Wazuh Ruleset 3.10.1

19 Sep 20:13
@vikman90 vikman90
v3.10.1
2db6bbc
Compare
Choose a tag to compare
Wazuh Ruleset 3.10.1

There are no changes for Wazuh Ruleset in this version.

Assets 2
Loading

Wazuh Ruleset 3.10.0

16 Sep 09:10
@bah07 bah07
v3.10.0
f11e833
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Wazuh Ruleset 3.10.0

Added

  • Add rules for VIPRE antivirus. (#327)
  • Add decoders and rules for Panda-PAPS. (#437)
  • Add decoders and rules for CheckPoint Smart-1 firewalls. (#440)
  • Add Windows Software Restriction Policy rules. (#461)
  • Add perdition (imap/pop3 proxy) rules (by @gkissand). (#407)
  • Extend event detection for Windows Defender decoders (by @MarauderDueling). (#220)
  • Add support for NAXSI web application firewall (by @kravietz). (#354)
  • Improved postfix decoder (by @iasdeoupxe). (#410)
  • Add a rule to alert about changes in system time. (#239)
  • Add a rule to detect sudo actions from users other than root. (#149)
  • Add Cisco-ASA rules and decoders. (#425)
  • Add HIPAA compliance groups to the ruleset. (#400)
  • Add mapping for HIPAA and NIST_800_53 compliance to SCA policies. (#421)
  • SCA policies have been improved and refactored. (#406)
  • Add recon group to SSH rule (by @kravietz). (#323)
  • Add a rule to detect untrusted kernel modules being loaded (by @kravietz). (#323)
  • Add a rule for rndg failure (by @kravietz). (#323)
  • Add rules for RAID and disk failure (by @kravietz). (#323)
  • Add a rule for ZFS error message (by @kravietz). (#323)
  • Add a rule for systemd status=1/FAILURE (by @kravietz). (#323)

Fixed

  • Fix Sonicwall decoders. (#274)
  • Fix for Windows decoder. (#154)
  • Fix regex to detect rootkit trojans (by @erinish). (#144)
  • Fix rules about shellshock attack. (#458)
Assets 2
Loading