3 - Rules for Kaspersky Endpoint Security 10 for Linux
6 - Set UseSysLog to yes in kesl appSettings.xml for eventlogging in syslog
11 <rule id="53801" level="0" noalert="1">
12 <decoded_as>kesl</decoded_as>
13 <description>kesl messages grouped</description>
16 <rule id="53802" level="8">
17 <if_sid>53801</if_sid>
18 <match>UpdateError</match>
19 <description>An error occurred during an Update Task.</description>
22 <rule id="53803" level="8">
23 <if_sid>53801</if_sid>
24 <status>AVBasesAreOutOfDate</status>
25 <description>AVBasesAreOutOfDate (kesl Task: update)</description>
28 <rule id="53804" level="8">
29 <if_sid>53801</if_sid>
30 <status>AVBasesAreTotallyOutOfDate</status>
31 <description>AVBasesAreTotallyOutOfDate (kesl Task: update)</description>
34 <rule id="53805" level="8">
35 <if_sid>53801</if_sid>
36 <action>TaskStateChanged</action>
37 <status>Started|Stopped</status>
38 <extra_data>^Rollback</extra_data>
39 <description>An Update Rollback Task has been started / stopped</description>
42 <rule id="53806" level="8">
43 <if_sid>53801</if_sid>
44 <match>AVBasesRollbackError</match>
45 <description>An error occurred during AVBases Update Rollback Task</description>
48 <rule id="53807" level="8">
49 <if_sid>53801</if_sid>
50 <action>TaskStateChanged</action>
51 <status>Started|Stopped</status>
52 <extra_data>^Retranslate</extra_data>
53 <description>An update distribution (Retranslate) Task has been started / stopped</description>
56 <rule id="53808" level="8">
57 <if_sid>53801</if_sid>
58 <match>RetranslationError</match>
59 <description>An error occurred during an update distribution (Retranslate) Task</description>
62 <rule id="53809" level="3">
63 <if_sid>53801</if_sid>
64 <action>TaskStateChanged</action>
65 <status>Started</status>
66 <description>A kesl Task has been started.</description>
69 <rule id="53810" level="8">
70 <if_sid>53801</if_sid>
71 <action>TaskStateChanged</action>
72 <status>Suspended</status>
73 <description>A kesl Task has been suspended.</description>
76 <rule id="53811" level="8">
77 <if_sid>53801</if_sid>
78 <action>TaskStateChanged</action>
79 <status>Stopped</status>
80 <extra_data>^Backup|^License|^OAS</extra_data>
81 <description>A kesl Task has been stopped.</description>
84 <rule id="53812" level="2">
85 <if_sid>53801</if_sid>
86 <action>TaskStateChanged</action>
87 <status>Stopped</status>
88 <extra_data>^ODS|^BootScan|^MemoryScan|^Update</extra_data>
89 <description>A kesl Task has been stopped.</description>
92 <rule id="53813" level="8">
93 <if_sid>53801</if_sid>
94 <status>ThreatDetected</status>
95 <description>Kesl detected a Threat (kesl Task: File_Monitoring)</description>
98 <rule id="53814" level="3">
99 <if_sid>53801</if_sid>
100 <match>ObjectSavedToBackup</match>
101 <description>Threat Object was saved to Backup (kesl Task: File_Monitoring)</description>
104 <rule id="53815" level="3">
105 <if_sid>53801</if_sid>
106 <match>ObjectNotDisinfected</match>
107 <description>Threat Object could not be disinfected (kesl Task: File_Monitoring)</description>
110 <rule id="53816" level="3">
111 <if_sid>53801</if_sid>
112 <match>ObjectDeleted</match>
113 <description>Threat Object was deleted (kesl Task: File_Monitoring)</description>
116 <rule id="53817" level="8">
117 <if_sid>53801</if_sid>
118 <match>ObjectProcessingError</match>
119 <description>An error occurred during kesl scan</description>
projects / ossec-hids.git / blob