paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-10-23 00:02:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update 109000-microsoft_defender.xml

Browse Source
This commit is contained in:
taylor_socfortress
2023-08-23 12:22:16 -05:00
committed by GitHub
parent 95a922bd3d
commit 32911f51a4
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
Office Defender/109000-microsoft_defender.xml
View File

@@ -1,7 +1,7 @@
<group name="microsoft_defender,">
<rule id="109000" level="3">
<location>microsoft_defender</location>
<description>$(office_defender.id) $(office_defender.title).</description>
<description>$(microsoft_defender.id) $(microsoft_defender.title).</description>
<options>no_full_log</options>
</rule>
<rule id="109001" level="3">
@@ -13,28 +13,28 @@
<rule id="109002" level="3">
<if_sid>109001</if_sid>
<field name="microsoft_defender.severity">Informational</field>
<description>$(office_defender.severity) Alert: $(office_defender.title).</description>
<description>$(microsoft_defender.severity) Alert: $(microsoft_defender.title).</description>
<options>no_full_log</options>
<group>alert,</group>
</rule>
<rule id="109003" level="5">
<if_sid>109001</if_sid>
<field name="microsoft_defender.severity">Low</field>
<description>$(office_defender.severity) Alert: $(office_defender.title).</description>
<description>$(microsoft_defender.severity) Alert: $(microsoft_defender.title).</description>
<options>no_full_log</options>
<group>alert,</group>
</rule>
<rule id="109004" level="10">
<if_sid>109001</if_sid>
<field name="microsoft_defender.severity">Medium</field>
<description>$(office_defender.severity) Alert: $(office_defender.title).</description>
<description>$(microsoft_defender.severity) Alert: $(microsoft_defender.title).</description>
<options>no_full_log</options>
<group>alert,</group>
</rule>
<rule id="109005" level="12">
<if_sid>109001</if_sid>
<field name="microsoft_defender.severity">High</field>
<description>$(office_defender.severity) Alert: $(office_defender.title).</description>
<description>$(microsoft_defender.severity) Alert: $(microsoft_defender.title).</description>
<options>no_full_log</options>
<group>alert,</group>
</rule>
@@ -48,7 +48,7 @@
<rule id="109011" level="3">
<if_sid>109000</if_sid>
<field name="query">machines</field>
<description>$(office_defender.computerDnsName) Health Status $(office_defender.healthStatus).</description>
<description>$(microsoft_defender.computerDnsName) Health Status $(microsoft_defender.healthStatus).</description>
<options>no_full_log</options>
</rule>
<rule id="109012" level="3">
@@ -60,13 +60,13 @@
<rule id="109013" level="3">
<if_sid>109000</if_sid>
<field name="query">recommendations</field>
<description>$(office_defender.recommendationName).</description>
<description>$(microsoft_defender.recommendationName).</description>
<options>no_full_log</options>
</rule>
<rule id="109014" level="3">
<if_sid>109000</if_sid>
<field name="query">exposurescore</field>
<description>Domain Exposure Score: $(office_defender.score).</description>
<description>Domain Exposure Score: $(microsoft_defender.score).</description>
<options>no_full_log</options>
</rule>
<rule id="109015" level="3">