1 <group name="syslog,owncloud,">
2 <rule id="53300" level="0">
3 <decoded_as>owncloud</decoded_as>
4 <description>ownCloud messages grouped.</description>
7 <rule id="53301" level="6">
9 <match>Login failed: </match>
10 <description>ownCloud authentication failed.</description>
11 <group>authentication_failed,</group>
14 <rule id="53302" level="10" frequency="6" timeframe="120">
15 <if_matched_sid>53301</if_matched_sid>
17 <description>ownCloud brute force (multiple failed logins).</description>
18 <group>authentication_failures,</group>
21 <rule id="53303" level="6">
22 <if_sid>53300</if_sid>
23 <match>Passed filename is not valid, might be malicious </match>
24 <description>ownCloud possible malicious request.</description>
25 <group>web,appsec,attack,</group>
28 <rule id="53304" level="8">
29 <if_sid>53300</if_sid>
31 <description>ownCloud FATAL message.</description>
34 <rule id="53305" level="4">
35 <if_sid>53300</if_sid>
37 <description>ownCloud ERROR message.</description>
40 <rule id="53306" level="3">
41 <if_sid>53300</if_sid>
43 <description>ownCloud WARN message.</description>
46 <rule id="53307" level="0">
47 <if_sid>53300</if_sid>
49 <description>ownCloud INFO message.</description>
52 <rule id="53308" level="0">
53 <if_sid>53300</if_sid>
55 <description>ownCloud DEBUG message.</description>