Cisco switches - new Decoders and Rules #441

Closed
wants to merge 1 commit into from

jmmallorq
Contributor

Hello,

I created new Decoders and Rules for Cisco switches related to NTP and network interfaces.

I assigned the Rules IDs 64250 to 64252.

The script output doesn't show any "Failed" message:

# ./runtest.py
- [ File = ./tests/cisco_switches.ini ] ---------
........

I upload the following files:

  • decoders/0066-cisco_switches_decoders.xml
  • rules/0685-cisco_switches_rules.xml
  • tools/rules-testing/cisco_switches.ini

Regards,
J. M. Mallorquín

@jmmallorq jmmallorq added operations rules Rules related issues decoders Decoders related issues labels Jun 26, 2019
@jmmallorq jmmallorq self-assigned this Jun 26, 2019
@rossengeorgiev
Contributor

Hi there, please consider these changes together with PR #402 as they will be in conflict. #402 expands the cisco decoder capabilities to handle a number of logging configurations. There is a comment providing a little background on the cisco log format. As this decoder is 0066 it won't work if both PRs are merged.

@vikman90 vikman90 changed the base branch from master to develop July 31, 2020 12:10
@vikman90 vikman90 changed the base branch from develop to master September 25, 2020 08:21
@MiguelCasaresRobles MiguelCasaresRobles added the threatintel Threat Intelligence label Jan 8, 2021
@72nomada 72nomada added the threatintel/review is in review. waiting some feedback label Jan 23, 2021
@juanrricci

Hello team, we close this PR without applying the changes suggested here. The related issues were already solved in the following PR which applies on the last Wazuh version: wazuh/wazuh#7289.

@juanrricci juanrricci closed this Jan 28, 2021
Labels
decoders Decoders related issues operations rules Rules related issues threatintel/review is in review. waiting some feedback threatintel Threat Intelligence