<!-- @(#) $Id: ms-se_rules.xml,v 1.2 2010/03/04 20:12:33 dcid Exp $
  -  Official Microsoft Security Essentials rules for OSSEC.
  -
  -  Copyright (C) 2010 Trend Micro Inc.
  -  All rights reserved.
  -
  -  This program is a free software; you can redistribute it
  -  and/or modify it under the terms of the GNU General Public
  -  License (version 2) as published by the FSF - Free Software
  -  Foundation.
  -
  -  License details: http://www.ossec.net/en/licensing.html
  -->
<!-- Rule chain for Microsoft Security Essentials (MSE) events taken from the
     Windows event log. Rule 7701 is a silent (level 0) parent keyed on the
     event source; every other rule in the file hangs off it through if_sid
     (directly or via 7711/7712), so nothing here fires for events from any
     other source. -->
<group name="windows,mse,">
  <!-- Parent rule. Matches Windows events whose extra_data field starts with
       "Microsoft Antimalware" (presumably the event source name as filled in
       by the Windows eventlog decoder; confirm against the decoder). Level 0
       means it never produces an alert on its own. -->
  <rule id="7701" level="0">
    <category>windows</category>
    <extra_data>^Microsoft Antimalware</extra_data>
    <description>Grouping of Microsoft Security Essentials rules.</description>
  </rule>

  <!-- Event 1008: malware found but remediation failed. This is the only
       level-12 rule in the file, and it is not listed in the if_sid of the
       EICAR rule 7731 below, so even a test file that could not be removed
       keeps full severity. It also has no repeated-hit rule (7750/7751),
       which is consistent with every single occurrence already alerting. -->
  <rule id="7710" level="12">
    <if_sid>7701</if_sid>
    <id>^1008$</id>
    <group>virus</group>
    <description>Microsoft Security Essentials - Virus detected, but unable to remove.</description>
  </rule>

  <!-- Event 1007: malware detected and removed. Level 7. Counted by 7750 for
       the repeated-hit alert; parent of the EICAR rule 7731. -->
  <rule id="7711" level="7">
    <if_sid>7701</if_sid>
    <id>^1007$</id>
    <group>virus</group>
    <description>Microsoft Security Essentials - Virus detected and properly removed.</description>
  </rule>

  <!-- Events 1015 or 1006 (alternation inside the id pattern): malware
       detected; the description records only the detection, not its
       outcome. Level 7. Counted by 7751; parent of the EICAR rule 7731. -->
  <rule id="7712" level="7">
    <if_sid>7701</if_sid>
    <id>^1015$|^1006$</id>
    <group>virus</group>
    <description>Microsoft Security Essentials - Virus detected.</description>
  </rule>
  
  <!-- Event 5007: MSE configuration changed. Only level 3 and tagged
       policy_changed (trailing comma kept as written; the child element
       order also differs from the other rules here, which I take to be
       cosmetic; confirm with the rule parser if in doubt). From a defender's
       point of view an AV configuration change is worth correlating with
       who was logged on at the time; this rule does not do that by itself. -->
  <rule id="7720" level="3">
    <if_sid>7701</if_sid>
    <id>^5007$</id>
    <description>Microsoft Security Essentials - Configuration changed.</description>
    <group>policy_changed,</group>
  </rule>

  <!-- EICAR test file. A child of both 7711 and 7712 that matches on the
       detection name, so an EICAR hit is reported at level 5 instead of the
       parents' 7 (on the understanding that a matching child rule takes
       precedence over its parent; confirm) and additionally requests an
       email alert. Presumably intended as an end-to-end check that agent,
       decoder and alerting all work. NOTE(review): because it counts as a
       7731 match rather than a 7711/7712 match, EICAR hits are not expected
       to feed the repeated-hit rules 7750/7751; confirm if that matters. -->
  <rule id="7731" level="5">
    <if_sid>7711, 7712</if_sid>
    <match>Virus:DOS/EICAR_Test_File</match>
    <options>alert_by_email</options>
    <description>Microsoft Security Essentials - EICAR test file detected.</description>
  </rule>


  <!-- Repeated-hit rules: six matches of 7711 (resp. 7712 in 7751) within a
       timeframe of 240 (seconds, per OSSEC rule semantics) raise level 10.
       NOTE(review): both rules carry the identical description, so the alert
       text alone does not tell a responder whether the hits were cleaned
       (7711) or merely detected (7712); distinguishing the two descriptions
       would help triage. No same_* constraint is set, so presumably events
       from every agent are counted together rather than per host; confirm. -->
  <rule id="7750" level="10" frequency="6" timeframe="240">
    <if_matched_sid>7711</if_matched_sid>
    <description>Multiple Microsoft Security Essentials AV warnings detected.</description>
  </rule>

  <!-- Same threshold as 7750, applied to the detect-only rule 7712. -->
  <rule id="7751" level="10" frequency="6" timeframe="240">
    <if_matched_sid>7712</if_matched_sid>
    <description>Multiple Microsoft Security Essentials AV warnings detected.</description>
  </rule>
</group> <!-- mse -->
<!-- EOF -->