Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhancement - Owncloud rules and decoders #534

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Enhancement - Owncloud rules and decoders #534

wants to merge 3 commits into from

Conversation

Lopuiz
Copy link
Contributor

@Lopuiz Lopuiz commented Nov 29, 2019

Related issue
533

Hello team,

I found some issues in Owncloud rules and decoders. In this PR I try to solve it. I have done:

  1. Remove some logs with strange characters.
  2. Fix brute force rule
  3. Remove unnecessary decoders

Best regards,
Eva

Testing

Unit tests don't report bugs.

lopezziur@lopezziur:~/wazuh/wazuh-ruleset/tools/rules-testing$ sudo ./runtests.py 
- [ File = ./tests/systemd.ini ] ---------
..
- [ File = ./tests/syslog.ini ] ---------
.....
- [ File = ./tests/SonicWall.ini ] ---------
........
- [ File = ./tests/sshd.ini ] ---------
...........................
- [ File = ./tests/named.ini ] ---------
.....
- [ File = ./tests/mailscanner.ini ] ---------
.
- [ File = ./tests/owncloud.ini ] ---------
....
- [ File = ./tests/mcafee_epo.ini ] ---------
.
- [ File = ./tests/unbound.ini ] ---------

- [ File = ./tests/postfix.ini ] ---------
..
- [ File = ./tests/doas.ini ] ---------
....
- [ File = ./tests/su.ini ] ---------
.....
- [ File = ./tests/ossec.ini ] ---------
.....
- [ File = ./tests/web_appsec.ini ] ---------
...............................
- [ File = ./tests/apache.ini ] ---------
............
- [ File = ./tests/oscap.ini ] ---------
................................
- [ File = ./tests/cimserver.ini ] ---------
..
- [ File = ./tests/vsftpd.ini ] ---------
....
- [ File = ./tests/cpanel.ini ] ---------
.......
- [ File = ./tests/web_rules.ini ] ---------
.....
- [ File = ./tests/apparmor.ini ] ---------
.....
- [ File = ./tests/exim.ini ] ---------
.....
- [ File = ./tests/samba.ini ] ---------
....
- [ File = ./tests/modsecurity.ini ] ---------
......
- [ File = ./tests/sysmon.ini ] ---------
...
- [ File = ./tests/dovecot.ini ] ---------
...............
- [ File = ./tests/opensmtpd.ini ] ---------
.......
- [ File = ./tests/cisco_asa.ini ] ---------
.......................................................................................
- [ File = ./tests/checkpoint_smart1.ini ] ---------
..................
- [ File = ./tests/panda_paps.ini ] ---------
........
- [ File = ./tests/netscreen.ini ] ---------
....
- [ File = ./tests/sudo.ini ] ---------
........
- [ File = ./tests/rsh.ini ] ---------
..
- [ File = ./tests/firewalld.ini ] ---------
..
- [ File = ./tests/cisco_ios.ini ] ---------
.....
- [ File = ./tests/pam.ini ] ---------
.....
- [ File = ./tests/nginx.ini ] ---------
............
- [ File = ./tests/proftpd.ini ] ---------
.......
- [ File = ./tests/features.ini ] ---------
....

@Lopuiz
Owncloud rules and decoders - Remove logs with strange characters
73e01d8
@Lopuiz
Owncloud rules and decoders
b4b6031 
 - Remove unnecesary decoders.
 - Fix brute force rule.
 - Modify rules 87304, 87305, 87306, 87307 and 87308 to do the works
   with field 'level' instead of 'status'.
@Lopuiz
Owncloud rules and decoders - Add unit test
fc84e44
@Lopuiz Lopuiz added bug rules Rules related issues decoders Decoders related issues labels Nov 29, 2019
@Lopuiz Lopuiz mentioned this pull request Nov 29, 2019
Merged
@Lopuiz Lopuiz requested a review from vikman90 January 9, 2020 07:55
@vikman90 vikman90 changed the base branch from master to develop July 31, 2020 12:07
@vikman90 vikman90 changed the base branch from develop to master September 25, 2020 08:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chemamartinez chemamartinez Awaiting requested review from chemamartinez

@vikman90 vikman90 Awaiting requested review from vikman90

At least 1 approving review is required to merge this pull request.

Assignees

@vikman90 vikman90

@Lopuiz Lopuiz

Labels
bug decoders Decoders related issues rules Rules related issues
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Lopuiz @vikman90