-
Notifications
You must be signed in to change notification settings - Fork 201
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #815 from wazuh/814-change-readme-to-deprecate
Updating the README file to provide information about the new location of the Wazuh ruleset
- Loading branch information
Showing
1 changed file
with
1 addition
and
54 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,56 +1,3 @@ | ||
| # Wazuh Ruleset | ||
|
|
||
| [](https://goo.gl/forms/M2AoZC4b2R9A9Zy12) | ||
| [](https://groups.google.com/forum/#!forum/wazuh) | ||
| [](https://documentation.wazuh.com) | ||
| [](https://wazuh.com) | ||
|
|
||
| Wazuh ruleset is used to detect attacks, intrusions, software misuse, configuration problems, application errors, malware, rootkits, system anomalies or security policy violations. | ||
|
|
||
| The ruleset includes compliance mapping with PCI DSS v3.1 and CIS. | ||
|
|
||
| ## Installation | ||
|
|
||
| * [Installation instructions](https://documentation.wazuh.com/current/user-manual/ruleset/update.html) | ||
|
|
||
| ## Directory structure | ||
|
|
||
| ├── wazuh-ruleset | ||
| │ ├── decoders # OSSEC decoders created/updated by Wazuh | ||
| │ ├── rules # OSSEC rules created/updated by Wazuh | ||
| │ ├── rootchecks # OSSEC rootchecks created/updated by Wazuh | ||
| │ ├── scap_content # OVAL, XCCDF, DS created/updated by Wazuh | ||
| │ ├── lists # CDB lists created/updated by Wazuh | ||
| | | ||
| │ ├── tools | ||
| | | ||
| │ ├── README.md | ||
| │ ├── VERSION | ||
| │ ├── update_ruleset.py # Install/update ruleset | ||
|
|
||
| ## Full documentation | ||
|
|
||
| Full documentation at [documentation.wazuh.com](https://documentation.wazuh.com/current/user-manual/ruleset/index.html) | ||
|
|
||
| ## Branches | ||
|
|
||
| * `stable` branch on correspond to the last ruleset stable version. | ||
| * `master` branch contains the latest code, be aware of possible bugs on this branch. | ||
|
|
||
|
|
||
| ## Contribute | ||
|
|
||
| If you have created new rules, decoders or rootchecks and you would like to contribute to our repository, please fork our Github repository and submit a pull request. To make a pull request for new rules and decoders, follow these instructions: | ||
|
|
||
| 1. If your rules and decoders are related to existent ones in the ruleset, you should add them at the end of the corresponding file. If they are made for a new application or device that Wazuh does not currently support, you should create a new `XML` following the title format. For example, if the last `XML` file is `0620-last-xml_rules.xml`, the next one should be named `0625-new_integration.xml`. Please, make sure your rules do not use an existent `rule id`. | ||
|
|
||
| 2. Make sure to create your `test.ini` file. You may find examples under the `wazuh/wazuh-ruleset/tools/rules-testing/tests` folder. Then add it to the repository along with the rest of the tests. | ||
|
|
||
| 3. Create the pull request | ||
|
|
||
| If you are not familiar with Github, you can also share them through [our users mailing list](https://groups.google.com/d/forum/wazuh), to which you can subscribe by sending an email to `wazuh+subscribe@googlegroups.com`. As well do not hesitate to request new rules or rootchecks that you would like to see running in Wazuh and our team will do our best to make it happen. | ||
|
|
||
| ## Web references | ||
|
|
||
| * [Wazuh website](http://wazuh.com) | ||
| * [OSSEC project website](http://ossec.github.io) | ||
| This repository is in read-only mode and no longer used. Now, all the Wazuh ruleset related content is located at [wazuh/ruleset](https://github.com/wazuh/wazuh/tree/master/ruleset). |