Skip to content

Releases: wazuh/wazuh-ruleset

Wazuh Ruleset 3.7.1

05 Dec 18:08
@snaow snaow
v3.7.1
4652a47

Choose a tag to compare

View all tags
Wazuh Ruleset 3.7.1

Added

  • New Vulnerability detector rules to warn about version comparison issues. (#237)
Loading

Wazuh Ruleset 3.7.0

10 Nov 10:48
@jesuslinares jesuslinares
v3.7.0
e4b0fbc

Choose a tag to compare

View all tags
Wazuh Ruleset 3.7.0

Added

  • osquery: specific alerts for default packs. (#196)
  • Azure integration: Decoders and rules. (#189)

Changed

  • osquery: Rename alerts fields reference. (#196)
  • update_ruleset is not available in worker nodes. (#225)
  • Update composite rules to match only same_source_ip events. (#161)

Fixed

  • Fixed active response decoder in order to match with different dates. (#223)

Removed

  • Removed deprecated rules for Syscheck.
Loading

Wazuh Ruleset 3.6.1

07 Sep 20:16
@vikman90 vikman90
v3.6.1
6d53e04
This commit was signed with the committer’s verified signature. The key has expired.
vikman90 Vikman Fernandez-Castro
GPG key ID: 1468313D31B5FCA8
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Wazuh Ruleset 3.6.1

Fixed

  • Silence rule about full disk for SNAP partitions. (#183)
Loading

Wazuh Ruleset 3.6.0

29 Aug 23:04
@jesuslinares jesuslinares
v3.6.0
f10198e

Choose a tag to compare

View all tags
Wazuh Ruleset 3.6.0

Fixed

  • Fixed login abortion log mismatch in Dovecot decoder when optional parameter didn't appear. (#171)
  • Fixed decoder for Debian packages. (#172)
  • Fixed active response decoder. (#179)

Added

  • Compatibility with TerminalServices-Gateway event type. (#175)
  • New AWS rules. (#174)
Loading

Wazuh Ruleset 3.5.0

29 Aug 19:26
@vikman90 vikman90
v3.5.0
53c59a5
This commit was signed with the committer’s verified signature. The key has expired.
vikman90 Vikman Fernandez-Castro
GPG key ID: 1468313D31B5FCA8
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Wazuh Ruleset 3.5.0

Added

  • Rules for the new osquery integration.
  • Rule to ignore syscollector events.
  • CIS-CAT rules improved.
  • Rules and decoders for the new Kaspersky integration.
  • CIS rootchecks for Windows 2012 R2 (by @Bob-Andrews).
  • Extract port name for Sysmon event 3. (#127)
  • Improve Shellshock detection. (#115)

Changed

  • Decreased agent upgrade failure rules level.

Fixed

  • Windows rules: Fix SID syntax for group membership changes. (#125).
  • Windows decoders: Match "Subject :" format (#128).
Loading

Wazuh Ruleset 3.4.0

24 Jul 19:28
@Cerv1 Cerv1
v3.4.0
20b2108

Choose a tag to compare

View all tags
Wazuh Ruleset 3.4.0

Added

  • Decoder for syscheck integration with audit.

Changed

  • Removed offset of the frequency attribute in rules. (#145)
Loading

Wazuh Ruleset 3.3.1

18 Jun 18:51
@jesuslinares jesuslinares
v3.3.1
d909d55

Choose a tag to compare

View all tags
Wazuh Ruleset 3.3.1

Added

  • Rule to detect when agents are unable to unmerge shared files. (#143)
Loading

Wazuh Ruleset 3.3.0

08 Jun 19:02
@jesuslinares jesuslinares
v3.3.0
cb61eb5

Choose a tag to compare

View all tags
Wazuh Ruleset 3.3.0

There are no changes for Wazuh Ruleset in this version.

Loading

Wazuh Ruleset 3.2.4

01 Jun 18:16
@BraulioV BraulioV
v3.2.4
0ff929d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Wazuh Ruleset 3.2.4

There are no changes for Wazuh Ruleset in this version.

Loading

Wazuh Ruleset 3.2.3

28 May 16:23
@jesuslinares jesuslinares
v3.2.3
07d5bb0

Choose a tag to compare

View all tags
Wazuh Ruleset 3.2.3

Added

  • GDPR (General Data Protection Regulation) mapping.
  • Improve GeoIP and composite rule support for AWS events.
  • Pfsense rules.

Fixed

  • Error handling in update ruleset script using python3.
Loading