paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-10-23 00:02:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
688f2c1efa4d5759f3234ead314100ed5642786f
main/Sophos/200700-sophos.xml
taylor_socfortress 688f2c1efa Update 200700-sophos.xml
2023-01-06 13:31:54 -06:00

44 lines
1.3 KiB
XML
Raw Blame History

<group name="sophos,api">
<rule id="200700" level="5">
<field name="customer_id">\.+</field>
<description>Sophos Alert - $(name)</description>
</rule>
</group>
<group name="sophos,low">
<rule id="200701" level="1">
<if_sid>200700</if_sid>
<field name="severity">low</field>
<description>Low Sophos Alert - $(name)</description>
</rule>
</group>
<group name="sophos,medium">
<rule id="200702" level="10">
<if_sid>200700</if_sid>
<field name="severity">medium</field>
<description>Medium Sophos Alert - $(name)</description>
</rule>
</group>
<group name="sophos,high">
<rule id="200703" level="12">
<if_sid>200700</if_sid>
<field name="severity">high</field>
<description>High Sophos Alert - $(name)</description>
</rule>
</group>
<group name="sophos,health">
<rule id="200704" level="5">
<field name="healthcheck">bad</field>
<description>Sophos Alert - Bad Health</description>
</rule>
<rule id="200705" level="5">
<field name="healthcheck">good</field>
<description>Sophos Alert - Good Health</description>
</rule>
</group>
<group name="sophos,sophos_inventory">
<rule id="200706" level="5">
<field name="assignedProducts">\.+</field>
<description>Sophos Alert - Inventory</description>
</rule>
</group>
Reference in New Issue View Git Blame Copy Permalink