l.bourdin
/
Wazuh-Custom-rules
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Wazuh-Custom-rules/Brut-force-linux.xml

23 lines
993 B
XML
Raw Permalink Blame History

<!-- Brut force SSH-tty PAM -->
<group name="authentication_failures,pci_dss_10.2.4,pci_dss_10.2.5,pci_dss_11.4,gpg13_7.8,gdpr_IV_35.7.d,gdpr_IV_32.2,hipaa_164.312.b,nist_800_53_AU.14,nist_800_53_AC.7,nist_800_53_SI.4,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,">
<rule id="100153" level="15" frequency="8" timeframe="180">
<if_matched_sid>5503</if_matched_sid>
<same_field>srcip</same_field>
<description>Brut force Linux</description>
<mitre>
<id>T1110</id>
</mitre>
</rule>
</group>
<group name="authentication_failures,pci_dss_10.2.4,pci_dss_10.2.5,pci_dss_11.4,gpg13_7.8,gdpr_IV_35.7.d,gdpr_IV_32.2,hipaa_164.312.b,nist_800_53_AU.14,nist_800_53_AC.7,nist_800_53_SI.4,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,">
<rule id="100154" level="15" frequency="8" timeframe="180">
<if_matched_sid>5503</if_matched_sid>
<same_field>tty</same_field>
<description>Brut force Linux</description>
<mitre>
<id>T1110</id>
</mitre>
</rule>
</group>
Reference in New Issue View Git Blame Copy Permalink