
Advanced Wazuh Detection Rules Awesome

The SOCFortress Team has committed to contributing to the Open Source community. We hope you find these rulesets helpful and robust as you work to keep your networks secure 😅




Advanced Wazuh Detection Rules

Have Wazuh deployed and ingesting your logs but looking for some better detection rules? Look no further. The objective for this repo is to provide the Wazuh community with rulesets that are more accurate, descriptive, and enriched from various sources and integrations.
World's First Open Source Cloud SOC »

Wazuh Docs · FREE FOR LIFE TIER · Our Blog

Table of Contents
  1. About This Repo
  2. Getting Started
  3. Usage
  4. Roadmap
  5. Contributing
  6. License
  7. Contact
  8. Acknowledgments

About This Repo

The objective for this repo is to provide the Wazuh community with rulesets that are more accurate, descriptive, and enriched from various sources and integrations.

Here's why:

  • Detection rules can be a tricky business and we believe everyone should have access to a strong and growing ruleset.
  • Wazuh serves as a great EDR agent; however, the default rulesets are rather lax (in our opinion). We wanted to start building a strong repo of Wazuh rules for the community to implement themselves and expand upon as new threats arise.
  • Cybersecurity is hard enough, let's work together 😄


Supported Rules and Integrations

Below are the rules and integrations currently contained within this repo. Integrations such as Office365 and Sophos have scripts provided within their respective folders for use. Feel free to build upon these scripts and contribute back 😄

  • Sysmon for Windows
  • Sysmon for Linux
  • Office365
  • Microsoft Defender
  • Sophos
  • MISP
  • Osquery
  • Yara
  • Suricata
  • Packetbeat
  • Falco
  • Modsecurity
  • F-Secure
  • Domain Stats
  • Snyk
  • Autoruns
  • Sigcheck
  • Powershell


FEEL FREE TO MERGE REQUEST ANY RULES THAT YOU THINK THE COMMUNITY COULD BENEFIT FROM

Advanced Wazuh Rules for more accurate threat detection. Feel free to implement within your own Wazuh environment, contribute, or fork!