Added
- Amazon Decoders & Rules:
  - EC2
  - IAM
- Auditd Rules
- Shellshock rules
- New rules for sudo
- New rules for system
- New decoder: web-accesslog-iis-default decoder
- Folder tools:
  - amazon: Script getawslog.py to download the JSON file from an S3 bucket.
  - file-testing: Script file_test.py to check whether a log file generates alerts.
  - rules-testing: Script runtests.py to run unit tests. Created by OSSEC.
Changed
- Auditd Decoders
- Minor changes in some decoders and rules.
- Netscaler updated
- ossec_ruleset.py fixes