Author Commit Message Labels Comments Date
Daniel Cid
Removing sql injection checks that cause too many FP.
Daniel Cid
Removing joomla from cms login. Too many fp.
Daniel Cid
Setting the proper return code for read-ossecalert.
Daniel Cid
Allowing @ on agent names.
Daniel Cid
Fixing segfault on 64bit servers when syscheck is disabled.
Daniel Cid
Small changes to rules.
Daniel Cid
Removing rule that causes too many fp. And cleaning up firewall-drop for linux. If iptables fails, it is because of mem/cpu issues, and keeping firewall-drop running only causes more usage there.
Daniel Cid
Removing entry that is causing too many fp.
Daniel Cid
Ignoring posts on /admin/ too.
sucuri
Ignoring nginx noise rule.
Daniel Cid
Adding detection for joomla brute force.
Daniel Cid
Detecting bots doing too many POST requests in a small period of time.
Daniel Cid
Adding a few more web rules (thanks to Tony Perez for them) and a custom active response script (easy to modify).
Daniel Cid
Ignoring nginx 499 errors and a few more web appsec rules.
Daniel Cid
Fixing reports location to allow a . in the agent name. Increasing the size of the reports too, to be easier to read.
Daniel Cid
Small improvements to these web rules.
Daniel Cid
Fixing insecure path creation for the winsrvc.
Daniel Cid
Fixing ar_log decoder.
Comments 1
Daniel Cid
Fixing firewall-drop to prevent a resource loop. If the iptables rule insert fails, it can enter on a loop...
Daniel Cid
Fix for analysisd crashing on solaris (some fields were null).
Daniel Cid
Adding a few more web-based rules.
Daniel Cid
Change version to snap-YEAR-MONTH. So we can use the repo as a snapshot without confusing with the official versions.
Daniel Cid
Fixing rule id.
Daniel Cid
Rules for wp-login.php (Wordpress) brute force.
Daniel Cid
Adding patch from Mattias Slabanja:
Daniel Cid
Adding old CVS style tags at the top of the files.
Daniel Cid
Adding libwww-perl as well. Never saw anything good coming as it.
Daniel Cid
Blocking the annoying zmeu user agent by default. And adding the rules by default as well.
Daniel Cid
Adding some custom rules for web apps vulns.
Daniel Cid
Adding nginx log files to the default list.