Update 100002-suricata.xml

This commit is contained in:
taylor_socfortress
2023-03-16 15:59:23 -05:00
committed by GitHub
parent c3d681eff8
commit 3654530fc0


@@ -1,47 +1,53 @@
<!-- Suricata Rules --> <!-- Suricata Rules -->
<group name="suricata,netflow"> <group name="suricata,netflow">
<rule id="100002" level="3"> <rule id="100002" level="1">
<if_sid>86600</if_sid> <if_sid>86600</if_sid>
<description>Suricata Traffic - $(event_type).</description> <options>no_full_log</options>
</rule> <description>Suricata Traffic - $(event_type).</description>
</rule>
</group> </group>
<group name="suricata,suricata_severity2"> <group name="suricata,suricata_severity2">
<rule id="100003" level="10"> <rule id="100003" level="10">
<if_sid>86601</if_sid> <if_sid>86601</if_sid>
<field name="alert.severity">2</field> <field name="alert.severity">2</field>
<description>Suricata Alert - $(alert.signature). Signature ID: $(alert.signature_id).</description> <options>no_full_log</options>
</rule> <description>Suricata Alert - $(alert.signature). Signature ID: $(alert.signature_id).</description>
</rule>
</group> </group>
<group name="suricata,suricata_severity1"> <group name="suricata,suricata_severity1">
<rule id="100004" level="13"> <rule id="100004" level="10">
<if_sid>86601</if_sid> <if_sid>86601</if_sid>
<field name="alert.severity">1</field> <field name="alert.severity">1</field>
<description>Suricata Alert - $(alert.signature). Signature ID: $(alert.signature_id).</description> <options>no_full_log</options>
</rule> <description>Suricata Alert - $(alert.signature). Signature ID: $(alert.signature_id).</description>
</rule>
</group> </group>
<group name="suricata,suricata_severity3"> <group name="suricata,suricata_severity3">
<rule id="100005" level="5"> <rule id="100005" level="5">
<if_sid>86601</if_sid> <if_sid>86601</if_sid>
<field name="alert.severity">3</field> <field name="alert.severity">3</field>
<description>Suricata Alert - $(alert.signature). Signature ID: $(alert.signature_id).</description> <options>no_full_log</options>
</rule> <description>Suricata Alert - $(alert.signature). Signature ID: $(alert.signature_id).</description>
</rule>
</group> </group>
<group name="suricata,suricata_http"> <group name="suricata,suricata_http">
<rule id="100006" level="3"> <rule id="100006" level="1">
<if_sid>86602</if_sid> <if_sid>86602</if_sid>
<description>Suricata HTTP Traffic.</description> <options>no_full_log</options>
</rule> <description>Suricata HTTP Traffic.</description>
</rule>
</group> </group>
<group name="suricata,suricata_dns"> <group name="suricata,suricata_dns">
<rule id="100007" level="3"> <rule id="100007" level="1">
<if_sid>86603</if_sid> <if_sid>86603</if_sid>
<description>Suricata DNS Traffic.</description> <options>no_full_log</options>
</rule> <description>Suricata DNS Traffic.</description>
</rule>
</group> </group>
<group name="suricata,suricata_tls"> <group name="suricata,suricata_tls">
<rule id="100008" level="3"> <rule id="100008" level="1">
<if_sid>86604</if_sid> <if_sid>86604</if_sid>
<description>Suricata TLS Traffic.</description> <options>no_full_log</options>
</rule> <description>Suricata TLS Traffic.</description>
</rule>
</group> </group>
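Review bot: Rule 100004 (alert.severity 1, Suricata's highest) is lowered to level 10 on the new side of L30, the same level as the severity-2 rule 100003 on L22, so the two tiers collapse and a consumer filtering by level can no longer rank a severity-1 alert above a severity-2 one; keeping a gap, e.g. `<rule id="100004" level="12">`, still lowers it from 13 without losing the ordering. The traffic rules 100002, 100006, 100007 and 100008 drop to level 1, which is below Wazuh's default `log_alert_level` of 3, so with a default manager configuration those flow/HTTP/DNS/TLS events will no longer be written to alerts.log/alerts.json at all; if that is the intent it deserves a comment in the file, e.g. `<!-- level 1: below the default log_alert_level (3); traffic events are only logged if the manager lowers that threshold -->`. The added `<options>no_full_log</options>` also strips the raw event from every alert produced by these rules, which is a forensic trade-off the commit message does not mention and should state in one line.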