l.bourdin
/
Wazuh-Custom-rules
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

prout

This commit is contained in:
root 2026-02-18 07:55:29 +01:00
parent c46a33d9fb
commit 4e7fc6c9f8
1 changed files with 1 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Suricata.xml
View File

@ -352,22 +352,11 @@
<!-- Exception métier : Sphinx exécuté depuis SMB -->
<group name="ids,suricata">
<rule id="100602" level="0">
<if_sid>100600</if_sid>
<regex type="pcre2" field="smb.filename">(?i)Systeme.*\.exe</regex>
<description>
Suricata: Known business software (Sphinx) executed from SMB share
</description>
<options>no_full_log</options>
</rule>
</group>
<!-- Alertes critic : Executable file - Autre que fichier lambda --> <!-- Alertes critic : Executable file - Autre que fichier lambda -->
<group name="ids, suricata"> <group name="ids, suricata">
<rule id="100603" level="12"> <rule id="100603" level="12">
<if_sid>100600</if_sid> <if_sid>100601</if_sid>
<regex type="pcre2" negate="yes" field="smb.filename">(?i)\.(pdf|docx?|xlsx?|pptx?|txt|jpe?g|png|gif|csv|zip|rar)</regex> <regex type="pcre2" negate="yes" field="smb.filename">(?i)\.(pdf|docx?|xlsx?|pptx?|txt|jpe?g|png|gif|csv|zip|rar)</regex>
<description>Suricata: Fichier executable dans dossier partagé</description> <description>Suricata: Fichier executable dans dossier partagé</description>
<!-- <options>no_full_log</options> --> <!-- <options>no_full_log</options> -->