ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 06:45:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
prowler/contrib/wazuh/prowler_rules.xml
Toni de la Fuente 5ad517ce83 New folder structure phase 1
2022-05-25 12:54:15 +02:00

46 lines
1.8 KiB
XML
Raw Permalink Blame History

<!--
Rules for parsing Prowler output
Authored by Jeremy Phillips <jeremy@uranusbytes.com>
Copyright: Apache License 2.0
ID: 110000-110009
Prowler - https://github.com/toniblyx/prowler
-->
<group name="local,amazon,prowler,">
<!-- Filter 1: Only prowler events -->
<rule id="110001" level="0">
<field name="integration">prowler</field>
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
</rule>
<!-- Check Result: Pass -->
<rule id="110002" level="1">
<if_sid>110001</if_sid>
<field name="prowler.status">Pass</field>
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
</rule>
<!-- Check Result: Info -->
<rule id="110003" level="3">
<if_sid>110001</if_sid>
<field name="prowler.status">Info</field>
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
</rule>
<!-- Check Result: Error -->
<rule id="110004" level="5">
<if_sid>110001</if_sid>
<field name="prowler.status">Error</field>
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
</rule>
<!-- Check Result: Fail, Scored -->
<rule id="110005" level="9">
<if_sid>110001</if_sid>
<field name="prowler.status">Fail</field>
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
</rule>
<!-- Check Result: Fail, Not Scored -->
<rule id="110006" level="7">
<if_sid>110005</if_sid>
<field name="prowler.scored">Not Scored</field>
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
</rule>
</group>
Reference in New Issue View Git Blame Copy Permalink