GAMO
/
WAZUH_RULES
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
WAZUH_RULES/local_mikrotik_rules.xml

31 lines
883 B
Raw Permalink Blame History

<group name="Mikrotik,">
<rule id="110000" level="0">
<decoded_as>mikrotik</decoded_as>
<description>Mikrotik-Event</description>
</rule>
<rule id="110001" level="5">
<if_sid>110000</if_sid>
<match>dhcp-client on ether</match>
<description>MikroTik dhcp-client received an IP address $(ip_address)</description>
</rule>
<rule id="110002" level="5">
<if_sid>110000</if_sid>
<match>rebooted</match>
<description>MikroTik router rebooted</description>
</rule>
<rule id="110003" level="5">
<if_sid>110000</if_sid>
<match>logged out from</match>
<description>MikroTik user logged out via $(protocol)</description>
</rule>
<rule id="110004" level="5">
<if_sid>110000</if_sid>
<match>logged in from</match>
<description>MikroTik user logged in from $(ip_address) via $(protocol)</description>
</rule>
</group>
Reference in new issue View Git Blame Copy Permalink