{"id":361,"date":"2006-11-04T04:37:33","date_gmt":"2006-11-04T04:37:33","guid":{"rendered":"https:\/\/defragged.org\/ossec\/?p=361"},"modified":"2020-07-03T04:38:14","modified_gmt":"2020-07-03T04:38:14","slug":"documenting-ossec-rules","status":"publish","type":"post","link":"https:\/\/defragged.org\/ossec\/2006\/11\/documenting-ossec-rules\/","title":{"rendered":"Documenting OSSEC rules"},"content":{"rendered":"\n<p>I am in the process of documenting all\u00a0<a href=\"http:\/\/www.ossec.net\/rules\">ossec rules<\/a>\u00a0at the project\u2019s\u00a0<a href=\"http:\/\/www.ossec.net\/wiki\/\">wiki<\/a>. We currently have 402 rules and I just finished beta-documenting all\u00a0<a href=\"http:\/\/www.ossec.net\/wiki\/index.php\/Special:Whatlinkshere\/Group:apache\">apache<\/a>\u00a0and\u00a0<a href=\"http:\/\/www.ossec.net\/wiki\/index.php\/Special:Whatlinkshere\/Group:arpwatch\">arpwatch<\/a>\u00a0ones. My main goal is to provide for each rule a simple explanation, false-positive causes and some sample logs\u2026\u00a0 Since this is a manual task, I am inviting all ossec users to help me out with that. Just go to the rules\u00a0<a href=\"http:\/\/www.ossec.net\/wiki\/index.php\/Rule\">index<\/a>\u00a0page and choose one that is not documented yet. For a simple example, go to the rule\u00a0<a href=\"http:\/\/www.ossec.net\/wiki\/index.php\/Rule:30108\">30108<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I am in the process of documenting all\u00a0ossec rules\u00a0at the project\u2019s\u00a0wiki. We currently have 402 rules and I just finished beta-documenting all\u00a0apache\u00a0and\u00a0arpwatch\u00a0ones. 
My main goal is to provide for each rule a simple explanation, false-positive causes and some sample logs\u2026\u00a0 Since this is a manual task, I am inviting all ossec users to help [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[],"_links":{"self":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/361"}],"collection":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/comments?post=361"}],"version-history":[{"count":1,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/361\/revisions"}],"predecessor-version":[{"id":362,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/361\/revisions\/362"}],"wp:attachment":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/media?parent=361"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/categories?post=361"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/tags?post=361"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}