+++ /dev/null
-<!--
- -
- - Rules for Kaspersky Endpoint Security 10 for Linux
- - IDs=53801-53825
- -
- - Set UseSysLog to yes in kesl appSettings.xml for eventlogging in syslog
- -
- -->
-
-<group name="kesl,">
- <rule id="53801" level="0" noalert="1">
- <decoded_as>kesl</decoded_as>
- <description>kesl messages grouped</description>
- </rule>
-
- <rule id="53802" level="8">
- <if_sid>53801</if_sid>
- <match>UpdateError</match>
- <description>An error occurred during an Update Task.</description>
- </rule>
-
- <rule id="53803" level="8">
- <if_sid>53801</if_sid>
- <status>AVBasesAreOutOfDate</status>
- <description>AVBasesAreOutOfDate (kesl Task: update)</description>
- </rule>
-
- <rule id="53804" level="8">
- <if_sid>53801</if_sid>
- <status>AVBasesAreTotallyOutOfDate</status>
- <description>AVBasesAreTotallyOutOfDate (kesl Task: update)</description>
- </rule>
-
- <rule id="53805" level="8">
- <if_sid>53801</if_sid>
- <action>TaskStateChanged</action>
- <status>Started|Stopped</status>
- <extra_data>^Rollback</extra_data>
- <description>An Update Rollback Task has been started / stopped</description>
- </rule>
-
- <rule id="53806" level="8">
- <if_sid>53801</if_sid>
- <match>AVBasesRollbackError</match>
- <description>An error occurred during AVBases Update Rollback Task</description>
- </rule>
-
- <rule id="53807" level="8">
- <if_sid>53801</if_sid>
- <action>TaskStateChanged</action>
- <status>Started|Stopped</status>
- <extra_data>^Retranslate</extra_data>
- <description>An update distribution (Retranslate) Task has been started / stopped</description>
- </rule>
-
- <rule id="53808" level="8">
- <if_sid>53801</if_sid>
- <match>RetranslationError</match>
- <description>An error occurred during an update distribution (Retranslate) Task</description>
- </rule>
-
- <rule id="53809" level="3">
- <if_sid>53801</if_sid>
- <action>TaskStateChanged</action>
- <status>Started</status>
- <description>A kesl Task has been started.</description>
- </rule>
-
- <rule id="53810" level="8">
- <if_sid>53801</if_sid>
- <action>TaskStateChanged</action>
- <status>Suspended</status>
- <description>A kesl Task has been suspended.</description>
- </rule>
-
- <rule id="53811" level="8">
- <if_sid>53801</if_sid>
- <action>TaskStateChanged</action>
- <status>Stopped</status>
- <extra_data>^Backup|^License|^OAS</extra_data>
- <description>A kesl Task has been stopped.</description>
- </rule>
-
- <rule id="53812" level="2">
- <if_sid>53801</if_sid>
- <action>TaskStateChanged</action>
- <status>Stopped</status>
- <extra_data>^ODS|^BootScan|^MemoryScan|^Update</extra_data>
- <description>A kesl Task has been stopped.</description>
- </rule>
-
- <rule id="53813" level="8">
- <if_sid>53801</if_sid>
- <status>ThreatDetected</status>
- <description>Kesl detected a Threat (kesl Task: File_Monitoring)</description>
- </rule>
-
- <rule id="53814" level="3">
- <if_sid>53801</if_sid>
- <match>ObjectSavedToBackup</match>
- <description>Threat Object was saved to Backup (kesl Task: File_Monitoring)</description>
- </rule>
-
- <rule id="53815" level="3">
- <if_sid>53801</if_sid>
- <match>ObjectNotDisinfected</match>
- <description>Threat Object could not be disinfected (kesl Task: File_Monitoring)</description>
- </rule>
-
- <rule id="53816" level="3">
- <if_sid>53801</if_sid>
- <match>ObjectDeleted</match>
- <description>Threat Object was deleted (kesl Task: File_Monitoring)</description>
- </rule>
-
- <rule id="53817" level="8">
- <if_sid>53801</if_sid>
- <match>ObjectProcessingError</match>
- <description>An error occurred during kesl scan</description>
- </rule>
-
-</group>