+++ /dev/null
-<!-- @(#) $Id: ./etc/rules/trend-osce_rules.xml, 2011/09/08 dcid Exp $
-
- - Official Trend Micro OSCE (Office Scan) rules for OSSEC.
- -
- - Copyright (C) 2009 Trend Micro Inc.
- - All rights reserved.
- -
- - This program is a free software; you can redistribute it
- - and/or modify it under the terms of the GNU General Public
- - License (version 2) as published by the FSF - Free Software
- - Foundation.
- -
- - License details: http://www.ossec.net/en/licensing.html
- -->
-
-
-<!-- For more info:
- -
- -->
-
-
-<group name="trend_micro,ocse">
- <rule id="7600" level="0">
- <decoded_as>trend-osce</decoded_as>
- <description>Grouping of Trend OSCE rules.</description>
- </rule>
-
- <rule id="7610" level="5">
- <if_sid>7600</if_sid>
- <id>^0|$|^1$|^2$|^33|^10$|^11$|^12$</id>
- <group>virus</group>
- <description>Virus detected and cleaned/quarantined/removed</description>
- </rule>
-
- <rule id="7611" level="9">
- <if_sid>7600</if_sid>
- <id>^5$|^6$|^7$|^8$|^14$|^15$|^16$</id>
- <group>virus</group>
- <description>Virus detected and unable to clean up.</description>
- </rule>
-
- <rule id="7612" level="3">
- <if_sid>7600</if_sid>
- <id>^4$|^13$</id>
- <description>Virus scan completed with no errors detected.</description>
- </rule>
-
- <rule id="7613" level="5">
- <if_sid>7600</if_sid>
- <id>^25$</id>
- <description>Virus scan passed by found potential security risk.</description>
- </rule>
-</group> <!-- symantec -->
-
-
-<!-- EOF -->