+++ /dev/null
-<!-- @(#) $Id: ./etc/rules/symantec-ws_rules.xml, 2011/09/08 dcid Exp $
-
- - Official Symantec Web Security rules for OSSEC.
- -
- - Copyright (C) 2009 Trend Micro Inc.
- - All rights reserved.
- -
- - This program is a free software; you can redistribute it
- - and/or modify it under the terms of the GNU General Public
- - License (version 2) as published by the FSF - Free Software
- - Foundation.
- -
- - License details: http://www.ossec.net/en/licensing.html
- -->
-
-
-<!-- For more info:
- - http://www.ossec.net/wiki/index.php/Symantec_WebSecurity
- - Data submited by: Michael Starks
- -->
-
-<!-- Still BETA -->
-
-<group name="symantec,">
- <rule id="7400" level="0">
- <decoded_as>symantec-websecurity</decoded_as>
- <description>Grouping of Symantec Web Security rules.</description>
- </rule>
-
- <rule id="7410" level="5">
- <if_sid>7400</if_sid>
- <id>^3=2,2=1</id>
- <description>Login failed accessing the web proxy.</description>
- <group>authentication_failed,</group>
- </rule>
-
- <rule id="7415" level="3">
- <if_sid>7400</if_sid>
- <id>^3=1,2=1</id>
- <description>Login success accessing the web proxy.</description>
- <group>authentication_success,</group>
- </rule>
-
- <rule id="7420" level="3">
- <if_sid>7415</if_sid>
- <user>virtadmin</user>
- <description>Admin Login success to the web proxy.</description>
- <group>authentication_success,</group>
- </rule>
-
- <!-- Example alerting using the url (event id 2=27 is for web access
- <rule id="7425" level="3">
- <if_sid>7400</if_sid>
- <id>^2=27</id>
- <description>Web access message.</description>
- <url>abc.exe</url>
- </rule>
-
- -->
-
-</group> <!-- symantec -->
-
-
-<!-- EOF -->
projects / ossec-hids.git / blobdiff