Added
- Add rules for VIPRE antivirus. (#327)
- Add decoders and rules for Panda-PAPS. (#437)
- Add decoders and rules for CheckPoint Smart-1 firewalls. (#440)
- Add Windows Software Restriction Policy rules. (#461)
- Add perdition (IMAP/POP3 proxy) rules (by @gkissand). (#407)
- Extend event detection for Windows Defender decoders (by @MarauderDueling). (#220)
- Add support for NAXSI web application firewall (by @kravietz). (#354)
- Improved postfix decoder (by @iasdeoupxe). (#410)
- Add a rule to alert about changes in system time. (#239)
- Add a rule to detect sudo actions from users other than root. (#149)
- Add Cisco-ASA rules and decoders. (#425)
- Add HIPAA compliance groups to the ruleset. (#400)
- Add mapping for HIPAA and NIST_800_53 compliance to SCA policies. (#421)
- SCA policies have been improved and refactored. (#406)
- Add recon group to SSH rule (by @kravietz). (#323)
- Add a rule to detect untrusted kernel modules being loaded (by @kravietz). (#323)
- Add a rule for rngd failure (by @kravietz). (#323)
- Add rules for RAID and disk failure (by @kravietz). (#323)
- Add a rule for ZFS error message (by @kravietz). (#323)
- Add a rule for systemd status=1/FAILURE (by @kravietz). (#323)