Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scope Rule 80200 to ^aws$ #457

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Scope Rule 80200 to ^aws$ #457

wants to merge 2 commits into from

Conversation

jorlando-tl
Copy link

The current rule for 80200 will match any integration that begins with aws. Would like to scope specific to just aws to support some additional integrations and rules off of them. My specific intent at the moment is to spin rules off of the integration value, aws.c7n.

@jorlando-tl
Scope Rule 80200 to ^aws$
9119b47 
The current rule for 80200 will match any integration that begins with aws. Would like to scope specific to just aws to support some additional integrations and rules off of them. My specific intent at the moment is to spin rules off of the integration value, aws.c7n.
@Lopuiz Lopuiz requested review from Lopuiz and bah07 August 2, 2019 10:18
Lopuiz
Lopuiz approved these changes Aug 2, 2019
View reviewed changes
Copy link
Contributor

@Lopuiz Lopuiz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello @jorlando-tl

Thank you for your contribution.
We will process your request as soon as possible.

Best regards, Eva

@Lopuiz Lopuiz changed the base branch from master to 3.10 August 2, 2019 11:19
@Lopuiz
Copy link
Contributor

Lopuiz commented Aug 2, 2019

Hello @jorlando-tl

I've pushed some commits to resolve conflicts. It could merge in 3.10.
Also, In case it's possible, I would like to you send us some Cloud Custodian logs examples.

Best regards, Eva

@orlando-jamie
Copy link

orlando-jamie commented Aug 2, 2019
edited

Hi @Lopuiz ,
I will work to get some scrubbed sample logs for you. In the meantime, I do want to make you aware of a piece of the integration I have already worked on. https://github.com/orlando-jamie/aws-c7n-wazuh-extension. C7n is designed to send it's results to an sqs queue, so I wrote this to pluck messages from the queue and push to wazuh. Right now I am just using the json decoder to ship everything to elasticsearch to build some dashboards, but want to leave room to do some more thoughtful analysis in the ruleset.

Thank You,
-Jamie

@Lopuiz
Copy link
Contributor

Lopuiz commented Aug 2, 2019

Thank you so much for all.
I'll take a look at the script.

Regards, Eva

@Lopuiz Lopuiz added this to In progress in Wazuh 3.10.0 via automation Aug 13, 2019
@Lopuiz
Copy link
Contributor

Lopuiz commented Aug 13, 2019

Hello @jorlando-tl

Could you do a rebase of 3.10 so that only your modifications appear?

Regards,
Eva

@chemamartinez chemamartinez removed this from In progress in Wazuh 3.10.0 Aug 22, 2019
@chemamartinez chemamartinez added this to In progress in Wazuh 3.11.0 via automation Aug 22, 2019
@vikman90 vikman90 changed the base branch from 3.10 to develop July 31, 2020 12:08
@vikman90 vikman90 changed the base branch from develop to master September 25, 2020 08:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Lopuiz Lopuiz Lopuiz approved these changes

@bah07 bah07 Awaiting requested review from bah07

At least 1 approving review is required to merge this pull request.

Assignees

@bah07 bah07

Labels
None yet
Projects
No open projects
Wazuh 3.11.0
  
In progress
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@jorlando-tl @Lopuiz @orlando-jamie @bah07