new upstream release (3.3.0); modify package compatibility for Stretch

[ossec-hids.git] / etc / rules / dovecot_rules.xml

diff --git a/etc/rules/dovecot_rules.xml b/etc/rules/dovecot_rules.xml
index 61fa2f3..cd49bf6 100644 (file)
--- a/etc/rules/dovecot_rules.xml
+++ b/etc/rules/dovecot_rules.xml
@@ -41,7 +41,7 @@
 
 <rule id="9705" level="5">
   <if_sid>9700</if_sid>
-  <match>user not found|User not known|unknown user</match>
+  <match>user not found|User not known|unknown user|auth failed</match>
   <description>Dovecot Invalid User Login Attempt.</description>
   <group>invalid_login,authentication_failed,</group>
 </rule>
@@ -74,4 +74,18 @@
   <description>Dovecot brute force attack (multiple auth failures).</description>
   <group>authentication_failures,</group>
 </rule>
+
+<rule id="9770" level="0">
+  <decoded_as>dovecot-info</decoded_as>
+  <description>dovecot-info grouping.</description>
+</rule>
+
+<rule id="9771" level="5">
+  <if_sid>9770</if_sid>
+  <match>user not found|User not known|unknown user|auth failed</match>
+  <description>Dovecot Invalid User Login Attempt.</description>
+  <group>invalid_login,authentication_failed,</group>
+</rule>
+ 
+
 </group>