paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-10-23 08:12:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update 300100-cisco_secure_endpoint.xml

Browse Source
This commit is contained in:
taylor_socfortress
2023-08-04 10:25:49 -05:00
committed by GitHub
parent 38d7481e90
commit c1593905b0
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
Cisco Secure Endpoint/300100-cisco_secure_endpoint.xml
View File

@@ -6,4 +6,18 @@
<group>cisco_secure_endpoint,</group>
<description>Cisco Secure Endpoint - Notification</description>
</rule>
<rule id="300101" level="12">
<if_sid>300100</if_sid>
<field name="win.system.message" type="pcre2">(?i)^"Quarantine</field>
<options>no_full_log</options>
<group>cisco_secure_endpoint,</group>
<description>Cisco Secure Endpoint - Quarantine Event</description>
</rule>
<rule id="300102" level="12">
<if_sid>300100</if_sid>
<field name="win.system.message" type="pcre2">(?i)^"Malicious</field>
<options>no_full_log</options>
<group>cisco_secure_endpoint,</group>
<description>Cisco Secure Endpoint - Malicious Event</description>
</rule>
</group>