├── README.md ├── decoders.d ├── 00-crs-iptables_decoder.xml ├── 00-crs-pam_decoder.xml ├── 00-crs-windows-date-format_decoder.xml ├── 50-crs-aix-ipsec_decoder.xml ├── 50-crs-apache_decoder.xml ├── 50-crs-apparmor_decoder.xml ├── 50-crs-arpwatch_decoder.xml ├── 50-crs-asterisk_decoder.xml ├── 50-crs-auditd_decoder.xml ├── 50-crs-barracuda_decoder.xml ├── 50-crs-checkpoint_decoder.xml ├── 50-crs-chkpwd_decoder.xml ├── 50-crs-cimserver_decoder.xml ├── 50-crs-cisco-ios_decoder.xml ├── 50-crs-cisco-vpnconcentrator_decoder.xml ├── 50-crs-clamd_decoder.xml ├── 50-crs-courier_decoder.xml ├── 50-crs-dhcp_decoder.xml ├── 50-crs-dnsmasq_decoder.xml ├── 50-crs-doas_decoder.xml ├── 50-crs-dovecot_decoder.xml ├── 50-crs-dragon_decoder.xml ├── 50-crs-dropbear_decoder.xml ├── 50-crs-exim_decoder.xml ├── 50-crs-ftpd_decoder.xml ├── 50-crs-grandstream_decoder.xml ├── 50-crs-horde_decoder.xml ├── 50-crs-imapd_decoder.xml ├── 50-crs-ipfilter_decoder.xml ├── 50-crs-isakmpd_decoder.xml ├── 50-crs-lighttpd_decoder.xml ├── 50-crs-mailscanner_decoder.xml ├── 50-crs-mptscsi_decoder.xml ├── 50-crs-ms-dhcp_decoder.xml ├── 50-crs-mysql_decoder.xml ├── 50-crs-named_decoder.xml ├── 50-crs-netscreen_decoder.xml ├── 50-crs-nginx_decoder.xml ├── 50-crs-nsd_decoder.xml ├── 50-crs-ntpd_decoder.xml ├── 50-crs-openbsd-pf_decoder.xml ├── 50-crs-openbsd_decoder.xml ├── 50-crs-openldap_decoder.xml ├── 50-crs-opensmtpd_decoder.xml ├── 50-crs-ossec_decoder.xml ├── 50-crs-owncloud_decoder.xml ├── 50-crs-pix_decoder.xml ├── 50-crs-portsentry_decoder.xml ├── 50-crs-postfix_decoder.xml ├── 50-crs-postgresql_decoder.xml ├── 50-crs-proftpd_decoder.xml ├── 50-crs-proxmox_decoder.xml ├── 50-crs-psad_decoder.xml ├── 50-crs-pure-ftpd_decoder.xml ├── 50-crs-raccoon_decoder.xml ├── 50-crs-roundcube_decoder.xml ├── 50-crs-rshd_decoder.xml ├── 50-crs-sendmail_decoder.xml ├── 50-crs-smbd_decoder.xml ├── 50-crs-snort_decoder.xml ├── 50-crs-solaris-bsm_decoder.xml ├── 50-crs-sonicwall_decoder.xml ├── 50-crs-squid_decoder.xml ├── 50-crs-sshd_decoder.xml ├── 50-crs-su_decoder.xml ├── 50-crs-sudo_decoder.xml ├── 50-crs-suhosin_decoder.xml ├── 50-crs-symantec-av_decoder.xml ├── 50-crs-symantec-websecurity_decoder.xml ├── 50-crs-sysmon_decoder.xml ├── 50-crs-telnetd_decoder.xml ├── 50-crs-trend-osce_decoder.xml ├── 50-crs-unbound_decoder.xml ├── 50-crs-vm-pop3d_decoder.xml ├── 50-crs-vmware-esx_decoder.xml ├── 50-crs-vpopmail_decoder.xml ├── 50-crs-vsftpd_decoder.xml ├── 50-crs-web-accesslog_decoder.xml ├── 50-crs-windows-ntsyslog_decoder.xml ├── 50-crs-windows-snare_decoder.xml ├── 50-crs-windows_decoder.xml ├── 50-crs-wordpress_decoder.xml ├── 50-crs-zeus_decoder.xml ├── 60-crs-cowrie_decoder.xml ├── 60-crs-dionaea_decoder.xml ├── 60-crs-iis-ftp_decoder.xml ├── 60-crs-iis-smtp_decoder.xml ├── 60-crs-iis-web_decoder.xml ├── 60-crs-kaspersky_decoder.xml ├── 60-crs-windows-firewall_decoder.xml └── README.md ├── ossec-testing ├── runtests.py └── tests │ ├── .pam.ini.swp │ ├── apache.ini │ ├── apparmor.ini │ ├── asterisk.ini │ ├── cimserver.ini │ ├── cisco_ios.ini │ ├── cpanel.ini │ ├── dnsmasq.ini │ ├── doas.ini │ ├── dovecot.ini │ ├── dpkg.ini │ ├── dropbear.ini │ ├── exim.ini │ ├── firewalld.ini │ ├── mailscanner.ini │ ├── modsecurity.ini │ ├── named.ini │ ├── netscreen.ini │ ├── nginx.ini │ ├── openbsd-dhcpd.ini │ ├── openbsd-httpd.ini │ ├── openbsd.ini │ ├── opensmtpd.ini │ ├── pam.ini │ ├── postfix.ini │ ├── proftpd.ini │ ├── rsh.ini │ ├── samba.ini │ ├── sshd.ini │ ├── su.ini │ ├── sudo.ini │ ├── syslog.ini │ ├── sysmon.ini │ ├── systemd.ini │ ├── unbound.ini │ ├── vsftpd.ini │ ├── web_appsec.ini │ └── web_rules.ini ├── rules.d ├── 00-crs-rules_config.xml ├── 00-crs-syslog_rules.xml ├── 50-crs-apache_rules.xml ├── 50-crs-apparmor_rules.xml ├── 50-crs-arpwatch_rules.xml ├── 50-crs-asterisk_rules.xml ├── 50-crs-cimserver_rules.xml ├── 50-crs-cisco-ios_rules.xml ├── 50-crs-clam_av_rules.xml ├── 50-crs-courier_rules.xml ├── 50-crs-dnsmasq_rules.xml ├── 50-crs-dovecot_rules.xml ├── 50-crs-dropbear_rules.xml ├── 50-crs-exim_rules.xml ├── 50-crs-firewall_rules.xml ├── 50-crs-firewalld_rules.xml ├── 50-crs-ftpd_rules.xml ├── 50-crs-hordeimp_rules.xml ├── 50-crs-ids_rules.xml ├── 50-crs-imapd_rules.xml ├── 50-crs-kesl_rules.xml ├── 50-crs-lighttpd_rules.xml ├── 50-crs-linux_usbdetect_rules.xml ├── 50-crs-mailscanner_rules.xml ├── 50-crs-mhn_cowrie_rules.xml ├── 50-crs-mhn_dionaea_rules.xml ├── 50-crs-ms-exchange_rules.xml ├── 50-crs-ms_dhcp_rules.xml ├── 50-crs-ms_ftpd_rules.xml ├── 50-crs-msauth_rules.xml ├── 50-crs-mysql_rules.xml ├── 50-crs-named_rules.xml ├── 50-crs-netscreenfw_rules.xml ├── 50-crs-nginx_rules.xml ├── 50-crs-openbsd_rules.xml ├── 50-crs-opensmtpd_rules.xml ├── 50-crs-ossec_rules.xml ├── 50-crs-pam_rules.xml ├── 50-crs-php_rules.xml ├── 50-crs-pix_rules.xml ├── 50-crs-postfix_rules.xml ├── 50-crs-postgresql_rules.xml ├── 50-crs-proftpd_rules.xml ├── 50-crs-pure-ftpd_rules.xml ├── 50-crs-racoon_rules.xml ├── 50-crs-roundcube_rules.xml ├── 50-crs-sendmail_rules.xml ├── 50-crs-smbd_rules.xml ├── 50-crs-solaris_bsm_rules.xml ├── 50-crs-sonicwall_rules.xml ├── 50-crs-spamd_rules.xml ├── 50-crs-squid_rules.xml ├── 50-crs-sshd_rules.xml ├── 50-crs-symantec-av_rules.xml ├── 50-crs-symantec-ws_rules.xml ├── 50-crs-sysmon_rules.xml ├── 50-crs-systemd_rules.xml ├── 50-crs-telnetd_rules.xml ├── 50-crs-trend-osce_rules.xml ├── 50-crs-unbound_rules.xml ├── 50-crs-vmpop3d_rules.xml ├── 50-crs-vmware_rules.xml ├── 50-crs-vpn_concentrator_rules.xml ├── 50-crs-vpopmail_rules.xml ├── 50-crs-vsftpd_rules.xml ├── 50-crs-web_rules.xml ├── 50-crs-wordpress_rules.xml ├── 50-crs-zeus_rules.xml ├── 55-crs-msft-firewall_rules.xml ├── 55-crs-topleveldomain_rules.xml ├── 60-crs-attack_rules.xml ├── 60-crs-mcafee_av_rules.xml ├── 60-crs-ms-se_rules.xml ├── 60-crs-ms1016_usbdetect_rules.xml ├── 60-crs-msft-ipsec_rules.xml ├── 60-crs-msft-powershell_rules.xml ├── 60-crs-web_appsec_rules.xml ├── 70-crs-last_rootlogin_rules.xml ├── 70-crs-nsd_rules.xml ├── 70-crs-openbsd-dhcp_rules.xml ├── 70-crs-owncloud_rules.xml ├── 70-crs-proxmox-ve_rules.xml ├── 70-crs-psad_rules.xml └── 99-crs-policy_rules.xml └── shared ├── acsc_office2016_rcl.txt ├── cis_apache2224_rcl.txt ├── cis_debian_linux_rcl.txt ├── cis_debianlinux7-8_L1_rcl.txt ├── cis_debianlinux7-8_L2_rcl.txt ├── cis_mysql5-6_community_rcl.txt ├── cis_mysql5-6_enterprise_rcl.txt ├── cis_rhel5_linux_rcl.txt ├── cis_rhel6_linux_rcl.txt ├── cis_rhel7_linux_rcl.txt ├── cis_rhel_linux_rcl.txt ├── cis_sles11_linux_rcl.txt ├── cis_sles12_linux_rcl.txt ├── cis_solaris11_rcl.txt ├── cis_win10_enterprise_L1_rcl.txt ├── cis_win10_enterprise_L2_rcl.txt ├── cis_win2012r2_domainL1_rcl.txt ├── cis_win2012r2_domainL2_rcl.txt ├── cis_win2012r2_memberL1_rcl.txt ├── cis_win2012r2_memberL2_rcl.txt ├── cis_win2016_domainL1_rcl.txt ├── cis_win2016_domainL2_rcl.txt ├── cis_win2016_memberL1_rcl.txt ├── cis_win2016_memberL2_rcl.txt ├── rootkit_files.txt ├── rootkit_trojans.txt ├── system_audit_pw.txt ├── system_audit_rcl.txt ├── system_audit_ssh.txt ├── win_applications_rcl.txt ├── win_audit_rcl.txt └── win_malware_rcl.txt /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/README.md -------------------------------------------------------------------------------- /decoders.d/00-crs-iptables_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/00-crs-iptables_decoder.xml -------------------------------------------------------------------------------- /decoders.d/00-crs-pam_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/00-crs-pam_decoder.xml -------------------------------------------------------------------------------- /decoders.d/00-crs-windows-date-format_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/00-crs-windows-date-format_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-aix-ipsec_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-aix-ipsec_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-apache_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-apache_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-apparmor_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-apparmor_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-arpwatch_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-arpwatch_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-asterisk_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-asterisk_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-auditd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-auditd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-barracuda_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-barracuda_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-checkpoint_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-checkpoint_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-chkpwd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-chkpwd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-cimserver_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-cimserver_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-cisco-ios_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-cisco-ios_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-cisco-vpnconcentrator_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-cisco-vpnconcentrator_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-clamd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-clamd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-courier_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-courier_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-dhcp_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-dhcp_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-dnsmasq_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-dnsmasq_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-doas_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-doas_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-dovecot_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-dovecot_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-dragon_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-dragon_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-dropbear_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-dropbear_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-exim_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-exim_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-ftpd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-ftpd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-grandstream_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-grandstream_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-horde_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-horde_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-imapd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-imapd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-ipfilter_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-ipfilter_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-isakmpd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-isakmpd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-lighttpd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-lighttpd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-mailscanner_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-mailscanner_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-mptscsi_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-mptscsi_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-ms-dhcp_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-ms-dhcp_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-mysql_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-mysql_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-named_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-named_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-netscreen_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-netscreen_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-nginx_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-nginx_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-nsd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-nsd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-ntpd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-ntpd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-openbsd-pf_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-openbsd-pf_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-openbsd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-openbsd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-openldap_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-openldap_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-opensmtpd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-opensmtpd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-ossec_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-ossec_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-owncloud_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-owncloud_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-pix_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-pix_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-portsentry_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-portsentry_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-postfix_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-postfix_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-postgresql_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-postgresql_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-proftpd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-proftpd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-proxmox_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-proxmox_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-psad_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-psad_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-pure-ftpd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-pure-ftpd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-raccoon_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-raccoon_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-roundcube_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-roundcube_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-rshd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-rshd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-sendmail_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-sendmail_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-smbd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-smbd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-snort_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-snort_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-solaris-bsm_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-solaris-bsm_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-sonicwall_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-sonicwall_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-squid_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-squid_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-sshd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-sshd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-su_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-su_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-sudo_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-sudo_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-suhosin_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-suhosin_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-symantec-av_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-symantec-av_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-symantec-websecurity_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-symantec-websecurity_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-sysmon_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-sysmon_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-telnetd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-telnetd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-trend-osce_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-trend-osce_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-unbound_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-unbound_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-vm-pop3d_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-vm-pop3d_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-vmware-esx_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-vmware-esx_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-vpopmail_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-vpopmail_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-vsftpd_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-vsftpd_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-web-accesslog_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-web-accesslog_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-windows-ntsyslog_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-windows-ntsyslog_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-windows-snare_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-windows-snare_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-windows_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-windows_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-wordpress_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-wordpress_decoder.xml -------------------------------------------------------------------------------- /decoders.d/50-crs-zeus_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/50-crs-zeus_decoder.xml -------------------------------------------------------------------------------- /decoders.d/60-crs-cowrie_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/60-crs-cowrie_decoder.xml -------------------------------------------------------------------------------- /decoders.d/60-crs-dionaea_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/60-crs-dionaea_decoder.xml -------------------------------------------------------------------------------- /decoders.d/60-crs-iis-ftp_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/60-crs-iis-ftp_decoder.xml -------------------------------------------------------------------------------- /decoders.d/60-crs-iis-smtp_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/60-crs-iis-smtp_decoder.xml -------------------------------------------------------------------------------- /decoders.d/60-crs-iis-web_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/60-crs-iis-web_decoder.xml -------------------------------------------------------------------------------- /decoders.d/60-crs-kaspersky_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/60-crs-kaspersky_decoder.xml -------------------------------------------------------------------------------- /decoders.d/60-crs-windows-firewall_decoder.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/60-crs-windows-firewall_decoder.xml -------------------------------------------------------------------------------- /decoders.d/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/decoders.d/README.md -------------------------------------------------------------------------------- /ossec-testing/runtests.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/runtests.py -------------------------------------------------------------------------------- /ossec-testing/tests/.pam.ini.swp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/.pam.ini.swp -------------------------------------------------------------------------------- /ossec-testing/tests/apache.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/apache.ini -------------------------------------------------------------------------------- /ossec-testing/tests/apparmor.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/apparmor.ini -------------------------------------------------------------------------------- /ossec-testing/tests/asterisk.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/asterisk.ini -------------------------------------------------------------------------------- /ossec-testing/tests/cimserver.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/cimserver.ini -------------------------------------------------------------------------------- /ossec-testing/tests/cisco_ios.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/cisco_ios.ini -------------------------------------------------------------------------------- /ossec-testing/tests/cpanel.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/cpanel.ini -------------------------------------------------------------------------------- /ossec-testing/tests/dnsmasq.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/dnsmasq.ini -------------------------------------------------------------------------------- /ossec-testing/tests/doas.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/doas.ini -------------------------------------------------------------------------------- /ossec-testing/tests/dovecot.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/dovecot.ini -------------------------------------------------------------------------------- /ossec-testing/tests/dpkg.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/dpkg.ini -------------------------------------------------------------------------------- /ossec-testing/tests/dropbear.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/dropbear.ini -------------------------------------------------------------------------------- /ossec-testing/tests/exim.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/exim.ini -------------------------------------------------------------------------------- /ossec-testing/tests/firewalld.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/firewalld.ini -------------------------------------------------------------------------------- /ossec-testing/tests/mailscanner.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/mailscanner.ini -------------------------------------------------------------------------------- /ossec-testing/tests/modsecurity.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/modsecurity.ini -------------------------------------------------------------------------------- /ossec-testing/tests/named.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/named.ini -------------------------------------------------------------------------------- /ossec-testing/tests/netscreen.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/netscreen.ini -------------------------------------------------------------------------------- /ossec-testing/tests/nginx.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/nginx.ini -------------------------------------------------------------------------------- /ossec-testing/tests/openbsd-dhcpd.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/openbsd-dhcpd.ini -------------------------------------------------------------------------------- /ossec-testing/tests/openbsd-httpd.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/openbsd-httpd.ini -------------------------------------------------------------------------------- /ossec-testing/tests/openbsd.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/openbsd.ini -------------------------------------------------------------------------------- /ossec-testing/tests/opensmtpd.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/opensmtpd.ini -------------------------------------------------------------------------------- /ossec-testing/tests/pam.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/pam.ini -------------------------------------------------------------------------------- /ossec-testing/tests/postfix.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/postfix.ini -------------------------------------------------------------------------------- /ossec-testing/tests/proftpd.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/proftpd.ini -------------------------------------------------------------------------------- /ossec-testing/tests/rsh.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/rsh.ini -------------------------------------------------------------------------------- /ossec-testing/tests/samba.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/samba.ini -------------------------------------------------------------------------------- /ossec-testing/tests/sshd.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/sshd.ini -------------------------------------------------------------------------------- /ossec-testing/tests/su.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/su.ini -------------------------------------------------------------------------------- /ossec-testing/tests/sudo.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/sudo.ini -------------------------------------------------------------------------------- /ossec-testing/tests/syslog.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/syslog.ini -------------------------------------------------------------------------------- /ossec-testing/tests/sysmon.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/sysmon.ini -------------------------------------------------------------------------------- /ossec-testing/tests/systemd.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/systemd.ini -------------------------------------------------------------------------------- /ossec-testing/tests/unbound.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/unbound.ini -------------------------------------------------------------------------------- /ossec-testing/tests/vsftpd.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/vsftpd.ini -------------------------------------------------------------------------------- /ossec-testing/tests/web_appsec.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/web_appsec.ini -------------------------------------------------------------------------------- /ossec-testing/tests/web_rules.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/ossec-testing/tests/web_rules.ini -------------------------------------------------------------------------------- /rules.d/00-crs-rules_config.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/00-crs-rules_config.xml -------------------------------------------------------------------------------- /rules.d/00-crs-syslog_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/00-crs-syslog_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-apache_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-apache_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-apparmor_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-apparmor_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-arpwatch_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-arpwatch_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-asterisk_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-asterisk_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-cimserver_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-cimserver_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-cisco-ios_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-cisco-ios_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-clam_av_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-clam_av_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-courier_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-courier_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-dnsmasq_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-dnsmasq_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-dovecot_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-dovecot_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-dropbear_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-dropbear_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-exim_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-exim_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-firewall_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-firewall_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-firewalld_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-firewalld_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-ftpd_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-ftpd_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-hordeimp_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-hordeimp_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-ids_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-ids_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-imapd_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-imapd_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-kesl_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-kesl_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-lighttpd_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-lighttpd_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-linux_usbdetect_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-linux_usbdetect_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-mailscanner_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-mailscanner_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-mhn_cowrie_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-mhn_cowrie_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-mhn_dionaea_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-mhn_dionaea_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-ms-exchange_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-ms-exchange_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-ms_dhcp_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-ms_dhcp_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-ms_ftpd_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-ms_ftpd_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-msauth_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-msauth_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-mysql_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-mysql_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-named_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-named_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-netscreenfw_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-netscreenfw_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-nginx_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-nginx_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-openbsd_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-openbsd_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-opensmtpd_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-opensmtpd_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-ossec_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-ossec_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-pam_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-pam_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-php_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-php_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-pix_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-pix_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-postfix_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-postfix_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-postgresql_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-postgresql_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-proftpd_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-proftpd_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-pure-ftpd_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-pure-ftpd_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-racoon_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-racoon_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-roundcube_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-roundcube_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-sendmail_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-sendmail_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-smbd_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-smbd_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-solaris_bsm_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-solaris_bsm_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-sonicwall_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-sonicwall_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-spamd_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-spamd_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-squid_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-squid_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-sshd_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-sshd_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-symantec-av_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-symantec-av_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-symantec-ws_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-symantec-ws_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-sysmon_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-sysmon_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-systemd_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-systemd_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-telnetd_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-telnetd_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-trend-osce_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-trend-osce_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-unbound_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-unbound_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-vmpop3d_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-vmpop3d_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-vmware_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-vmware_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-vpn_concentrator_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-vpn_concentrator_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-vpopmail_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-vpopmail_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-vsftpd_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-vsftpd_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-web_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-web_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-wordpress_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-wordpress_rules.xml -------------------------------------------------------------------------------- /rules.d/50-crs-zeus_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/50-crs-zeus_rules.xml -------------------------------------------------------------------------------- /rules.d/55-crs-msft-firewall_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/55-crs-msft-firewall_rules.xml -------------------------------------------------------------------------------- /rules.d/55-crs-topleveldomain_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/55-crs-topleveldomain_rules.xml -------------------------------------------------------------------------------- /rules.d/60-crs-attack_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/60-crs-attack_rules.xml -------------------------------------------------------------------------------- /rules.d/60-crs-mcafee_av_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/60-crs-mcafee_av_rules.xml -------------------------------------------------------------------------------- /rules.d/60-crs-ms-se_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/60-crs-ms-se_rules.xml -------------------------------------------------------------------------------- /rules.d/60-crs-ms1016_usbdetect_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/60-crs-ms1016_usbdetect_rules.xml -------------------------------------------------------------------------------- /rules.d/60-crs-msft-ipsec_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/60-crs-msft-ipsec_rules.xml -------------------------------------------------------------------------------- /rules.d/60-crs-msft-powershell_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/60-crs-msft-powershell_rules.xml -------------------------------------------------------------------------------- /rules.d/60-crs-web_appsec_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/60-crs-web_appsec_rules.xml -------------------------------------------------------------------------------- /rules.d/70-crs-last_rootlogin_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/70-crs-last_rootlogin_rules.xml -------------------------------------------------------------------------------- /rules.d/70-crs-nsd_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/70-crs-nsd_rules.xml -------------------------------------------------------------------------------- /rules.d/70-crs-openbsd-dhcp_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/70-crs-openbsd-dhcp_rules.xml -------------------------------------------------------------------------------- /rules.d/70-crs-owncloud_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/70-crs-owncloud_rules.xml -------------------------------------------------------------------------------- /rules.d/70-crs-proxmox-ve_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/70-crs-proxmox-ve_rules.xml -------------------------------------------------------------------------------- /rules.d/70-crs-psad_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/70-crs-psad_rules.xml -------------------------------------------------------------------------------- /rules.d/99-crs-policy_rules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/rules.d/99-crs-policy_rules.xml -------------------------------------------------------------------------------- /shared/acsc_office2016_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/acsc_office2016_rcl.txt -------------------------------------------------------------------------------- /shared/cis_apache2224_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_apache2224_rcl.txt -------------------------------------------------------------------------------- /shared/cis_debian_linux_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_debian_linux_rcl.txt -------------------------------------------------------------------------------- /shared/cis_debianlinux7-8_L1_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_debianlinux7-8_L1_rcl.txt -------------------------------------------------------------------------------- /shared/cis_debianlinux7-8_L2_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_debianlinux7-8_L2_rcl.txt -------------------------------------------------------------------------------- /shared/cis_mysql5-6_community_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_mysql5-6_community_rcl.txt -------------------------------------------------------------------------------- /shared/cis_mysql5-6_enterprise_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_mysql5-6_enterprise_rcl.txt -------------------------------------------------------------------------------- /shared/cis_rhel5_linux_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_rhel5_linux_rcl.txt -------------------------------------------------------------------------------- /shared/cis_rhel6_linux_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_rhel6_linux_rcl.txt -------------------------------------------------------------------------------- /shared/cis_rhel7_linux_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_rhel7_linux_rcl.txt -------------------------------------------------------------------------------- /shared/cis_rhel_linux_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_rhel_linux_rcl.txt -------------------------------------------------------------------------------- /shared/cis_sles11_linux_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_sles11_linux_rcl.txt -------------------------------------------------------------------------------- /shared/cis_sles12_linux_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_sles12_linux_rcl.txt -------------------------------------------------------------------------------- /shared/cis_solaris11_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_solaris11_rcl.txt -------------------------------------------------------------------------------- /shared/cis_win10_enterprise_L1_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_win10_enterprise_L1_rcl.txt -------------------------------------------------------------------------------- /shared/cis_win10_enterprise_L2_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_win10_enterprise_L2_rcl.txt -------------------------------------------------------------------------------- /shared/cis_win2012r2_domainL1_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_win2012r2_domainL1_rcl.txt -------------------------------------------------------------------------------- /shared/cis_win2012r2_domainL2_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_win2012r2_domainL2_rcl.txt -------------------------------------------------------------------------------- /shared/cis_win2012r2_memberL1_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_win2012r2_memberL1_rcl.txt -------------------------------------------------------------------------------- /shared/cis_win2012r2_memberL2_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_win2012r2_memberL2_rcl.txt -------------------------------------------------------------------------------- /shared/cis_win2016_domainL1_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_win2016_domainL1_rcl.txt -------------------------------------------------------------------------------- /shared/cis_win2016_domainL2_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_win2016_domainL2_rcl.txt -------------------------------------------------------------------------------- /shared/cis_win2016_memberL1_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_win2016_memberL1_rcl.txt -------------------------------------------------------------------------------- /shared/cis_win2016_memberL2_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/cis_win2016_memberL2_rcl.txt -------------------------------------------------------------------------------- /shared/rootkit_files.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/rootkit_files.txt -------------------------------------------------------------------------------- /shared/rootkit_trojans.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/rootkit_trojans.txt -------------------------------------------------------------------------------- /shared/system_audit_pw.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/system_audit_pw.txt -------------------------------------------------------------------------------- /shared/system_audit_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/system_audit_rcl.txt -------------------------------------------------------------------------------- /shared/system_audit_ssh.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/system_audit_ssh.txt -------------------------------------------------------------------------------- /shared/win_applications_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/win_applications_rcl.txt -------------------------------------------------------------------------------- /shared/win_audit_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/win_audit_rcl.txt -------------------------------------------------------------------------------- /shared/win_malware_rcl.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossec/ossec-rules/HEAD/shared/win_malware_rcl.txt --------------------------------------------------------------------------------