Wazuh-Custom-rules/linux.xml


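<!-- Custom Linux rules: dpkg noise filters.
     Both rules are level 0, which makes Wazuh drop the matching event without
     raising an alert, so whatever they match is invisible to downstream
     detection and to alert-based reporting. The two rules were previously
     split across two <group> elements with the same name; they are merged
     here so the group membership "linux, dpkg, filtre" is declared once. -->
<group name="linux, dpkg, filtre">

  <!-- Noise filter: dpkg "status half-configured" transitions seen during
       package updates. Parent 2904 is the built-in dpkg rule for this state
       (confirm the ID against the ruleset version in use). -->
  <rule id="101200" level="0">
    <if_sid>2904</if_sid>
    <field name="dpkg_status">^status half-configured$</field>
    <description>Filtre bruit : dpkg linux (maj)</description>
    <options>no_full_log</options>
  </rule>

  <!-- Noise filter: dpkg "status installed" transitions seen during package
       updates. Parent 2902 fires on every package installation, so silencing
       it at level 0 also hides unexpected or unauthorized installs on the
       host. If package-inventory auditing is required, narrow the match
       (for example to the hosts or maintenance windows that generate the
       noise) or keep the event at a low non-zero level instead of 0. -->
  <rule id="101201" level="0">
    <if_sid>2902</if_sid>
    <field name="dpkg_status">^status installed$</field>
    <description>Filtre bruit : dpkg linux (maj)</description>
    <options>no_full_log</options>
  </rule>

</group>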