
/rules/50_sonicwall_rules.xml

https://bitbucket.org/oscarschneider/ossec-rules
<!-- @(#) $Id: sonicwall_rules.xml,v 1.4 2010/03/04 20:12:33 dcid Exp $
  -  Official SonicWall rules for OSSEC.
  -
  -  Copyright (C) 2009 Trend Micro Inc.
  -  All rights reserved.
  -
  -  This program is a free software; you can redistribute it
  -  and/or modify it under the terms of the GNU General Public
  -  License (version 2) as published by the FSF - Free Software
  -  Foundation.
  -
  -  License details: http://www.ossec.net/en/licensing.html
  -->


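<!-- SonicWall Log messages
  -
  -  Structure: 4800 is the parent that silently groups every event the
  -  "sonicwall" decoder recognised.  Rules 4801..4807 fan out on the
  -  <status> field, which the decoder fills from the device's log
  -  priority (single digit; 3..7 = error/warning/notice/info/debug as
  -  described below, 1 = alert, 2 = critical).  Confirm the field mapping
  -  against the local sonicwall decoder before relying on it.
  -
  -  NOTE(review): no child rule matches priority 0 (emergency), so such
  -  messages, if the device emits them, inherit level 0 from 4800 and
  -  never alert.  Add a level-8 child with <status>^0</status> if needed.
  -->
<group name="syslog,sonicwall,">
  <!-- Parent: every decoded SonicWall event lands here at level 0
       (no alert on its own); child rules raise the level. -->
  <rule id="4800" level="0">
    <decoded_as>sonicwall</decoded_as>
    <description>SonicWall messages grouped.</description>
  </rule>

  <!-- Priority 1.  Same level as 4802 but the description is kept
       distinct so the two priorities can be told apart in alerts. -->
  <rule id="4801" level="8">
    <if_sid>4800</if_sid>
    <status>^1</status>
    <description>SonicWall alert message.</description>
  </rule>

  <!-- Priority 2. -->
  <rule id="4802" level="8">
    <if_sid>4800</if_sid>
    <status>^2</status>
    <description>SonicWall critical message.</description>
  </rule>

  <!-- Priority 3.  Also the feed for the 4851 correlation rule. -->
  <rule id="4803" level="4">
    <if_sid>4800</if_sid>
    <status>^3</status>
    <description>SonicWall error message.</description>
  </rule>

  <!-- Priority 4.  Also the feed for the 4850 correlation rule. -->
  <rule id="4804" level="3">
    <if_sid>4800</if_sid>
    <status>^4</status>
    <description>SonicWall warning message.</description>
  </rule>

  <!-- Priorities 5..7 are classified but stay at level 0 (no alert). -->
  <rule id="4805" level="0">
    <if_sid>4800</if_sid>
    <status>^5</status>
    <description>SonicWall notice message.</description>
  </rule>

  <rule id="4806" level="0">
    <if_sid>4800</if_sid>
    <status>^6</status>
    <description>SonicWall informational message.</description>
  </rule>

  <rule id="4807" level="0">
    <if_sid>4800</if_sid>
    <status>^7</status>
    <description>SonicWall debug message.</description>
  </rule>

  <!-- Administrator login: the device reports it at informational
       priority, hence chained under 4806.  <id> is the decoder's event
       id field; anchored with ^...$ so 236 cannot match 2360 etc. -->
  <rule id="4810" level="3">
    <if_sid>4806</if_sid>
    <id>^236$</id>
    <description>Firewall administrator login.</description>
    <group>authentication_success,</group>
  </rule>

  <!-- Failed administrator authentication: reported at priority 1, so
       chained under 4801.  There is no per-rule frequency correlation
       here; repeated failures rely on whatever generic correlation the
       loaded ruleset applies to the authentication_failed group.
       Verify that such a rule is in place if brute-force alerts are
       expected from this source. -->
  <rule id="4811" level="9">
    <if_sid>4801</if_sid>
    <id>^30$|^32$</id>
    <description>Firewall authentication failure.</description>
    <group>authentication_failed,</group>
  </rule>

  <!-- Burst detection: 6 warnings (4804) within 120 s escalate to level
       10; ignore="60" suppresses a repeat of this alert for 60 s. -->
  <rule id="4850" level="10" frequency="6" timeframe="120" ignore="60">
    <if_matched_sid>4804</if_matched_sid>
    <description>Multiple firewall warning messages.</description>
    <group>service_availability,</group>
  </rule>

  <!-- Same window for errors (4803). -->
  <rule id="4851" level="10" frequency="6" timeframe="120" ignore="60">
    <if_matched_sid>4803</if_matched_sid>
    <description>Multiple firewall error messages.</description>
    <group>service_availability,</group>
  </rule>
</group> <!-- SonicWall -->

<!-- EOF -->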