github wazuh/wazuh-ruleset v3.5.0
Wazuh Ruleset 3.5.0

6 years ago

Added

  • Rules for the new osquery integration.
  • Rule to ignore syscollector events.
  • CIS-CAT rules improved.
  • Rules and decoders for the new Kaspersky integration.
  • CIS rootchecks for Windows 2012 R2 (by @Bob-Andrews).
  • Extract port name for Sysmon event 3. (#127)
  • Improve Shellshock detection. (#115)

Changed

  • Decreased the level of the agent upgrade failure rules.

Fixed

  • Windows rules: Fix SID syntax for group membership changes (#125).
  • Windows decoders: Match "Subject :" format (#128).
