paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-11-02 12:53:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
134 Commits 1 Branch 1 Tag
156f1fed189c9292ba647a6703705ebaba183cc2
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
SOCFortress 156f1fed18 Create ossec.conf
2022-08-14 19:51:01 -07:00
Domain Stats
Create README.md
2022-08-08 16:43:15 -05:00
Exclusion Rules
Create README.md
2022-08-08 16:40:36 -05:00
F-Secure
Create README.md
2022-08-08 16:29:24 -05:00
Falco
Update README.md
2022-08-08 16:22:51 -05:00
Modsecutiry
Create 100100-Modsecurity.xml
2022-08-08 09:37:29 -05:00
Nmap
Create README.md
2022-08-08 16:25:43 -05:00
Office 365
Update README.md
2022-08-08 16:12:33 -05:00
Office Defender
Update README.md
2022-08-08 16:12:43 -05:00
Osquery
Update 200600-osquery.xml
2022-08-08 16:51:04 -05:00
Packetbeat
Create agent.conf
2022-08-08 16:18:50 -05:00
Snyk
Create README.md
2022-08-08 16:45:24 -05:00
Sophos
Create ossec.conf
2022-08-14 19:51:01 -07:00
Suricata
Update README.md
2022-08-08 16:12:53 -05:00
Sysmon Linux
Create README.md
2022-08-08 16:49:34 -05:00
Sysmon New Events
Create 109100-win_sysmon_new_events.xml
2022-08-08 16:14:48 -05:00
Threat Intel
Update README.md
2022-08-08 16:13:04 -05:00
Windows Autoruns
Update README.md
2022-08-08 16:58:22 -05:00
Windows Chainsaw
Add files via upload
2022-08-08 22:22:39 -05:00
Windows Logon Sessions
Update README.md
2022-08-08 22:06:03 -05:00
Windows Powershell
Create README.md
2022-08-08 22:08:36 -05:00
Windows Sigma Rules
Create 300001-win_sigma_rules_builtin.xml
2022-08-08 22:10:02 -05:00
Windows Sysinternals Sigcheck
Update README.md
2022-08-08 22:05:53 -05:00
Windows_Sysmon
Update README.md
2022-08-08 16:13:15 -05:00
Yara
Create yara_full_scan.sh
2022-08-08 22:36:43 -05:00
README.md
Update README.md
2022-08-08 09:15:27 -05:00

README.md

SOCFortress Wazuh-Rules N|Solid N|Solid N|Solid

logo_website (1)

Have Wazuh deployed and ingesting your logs but looking for some better detection rules? Look no further. The objective for this repo is to provide the Wazuh community with rulesets that are more accurate, descriptive, and enriched from various sources and integrations.

FEEL FREE TO MERGE REQUEST ANY RULES THAT YOU THINK THE COMMUNITY COULD BENEFIT FROM

Categories of various tools that this repo containes rules for are below

  • Sysmon for Windows
  • Sysmon for Linux
  • Office365
  • Microsoft Defender
  • Sophos
  • MISP
  • Osquery
  • Yara
  • Suricata
  • Packetbeat
  • Falco
  • Modsecurity
  • F-Secure
  • Domain Stats
  • Snyk
  • Autoruns
  • Sigcheck
  • Powershell
Reference in New Issue View Git Blame Copy Permalink
Description
Advanced Wazuh Rules for more accurate threat detection. Feel free to implement within your own Wazuh environment, contribute, or fork!
Readme 11 MiB
Languages
Python 45.7%
Shell 36.4%
PowerShell 17.3%
Batchfile 0.6%