-
Notifications
You must be signed in to change notification settings - Fork 1k
/
rule_ids.txt
104 lines (83 loc) · 2.25 KB
/
rule_ids.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
# ossec Rules ids.
#
# Ossec official rules should be under some of these
# assignments.
#
# Local rules should go from 100000 to 120000.
#
# Every rule will also have a revision attribute (if modified).
# *default revision is 0 (when first added).
00000 - 00999 Internally reserved for ossec
01000 - 01999 General syslog
02100 - 02299 NFS
02300 - 02499 Xinetd
02500 - 02699 Access control
02700 - 02729 Mail/procmail
02800 - 02829 Smartd
02830 - 02859 Crond
02860 - 02899 Mount/Automount
03100 - 03299 Sendmail
03300 - 03499 Postfix
03500 - 03599 Spamd
03600 - 03699 Imapd
03700 - 03799 MailScanner
04100 - 04299 Generic Firewall
04300 - 04499 Cisco PIX Firewall
04500 - 04699 Netscreen Firewall
05100 - 05299 Kernels (Linux, Unix, etc)
05300 - 05399 Su
05400 - 05499 sudo
05500 - 05599 Pam unix
05600 - 05699 Telnetd
05700 - 05899 sshd
05900 - 05999 Adduser or user deletion.
07100 - 07199 Tripwire
07200 - 07299 Arpwatch
07300 - 07399 Symantec Anti Virus
09100 - 09199 PPTP
09200 - 09299 Squid syslog
09300 - 09399 Horde IMP
10100 - 10199 FTS
11100 - 11199 FTPd
11200 - 11299 ProFTPD
11300 - 11399 Pure-FTPD
11400 - 11499 vs-FTPD
12100 - 12299 Named (bind DNS)
13100 - 13299 Samba (smbd)
14100 - 14199 Racoon SSL
14200 - 14299 Cisco VPN Concentrator
17100 - 17399 Policy
18100 - 18499 Windows system
18500 - 18650 Sysmon rules
18651 - 18750 MS IPSec rules
20100 - 20299 IDS
20300 - 20499 IDS (Snort specific)
20500 - 20509 Windows PowerShell
30100 - 30999 Apache error log
31100 - 31199 Web access log
31501 - 32000 Web Appsec rules
35000 - 35999 Squid
40100 - 40499 Attack patterns
40500 - 40599 Privilege escalation
40600 - 40699 Scan patterns
40700 - 40899 Systemd
40900 - 40999 Firewalld
51500 - 51999 OpenBSD rules
52000 - 52499 Apparmor rules
52500 - 53199 clam av rules
53200 - 53499 nsd rules
53500 - 53299 opensmtpd rules
53300 - 53399 owncloud rules
53400 - 53500 proxmox ve rules
53501 - 53550 OpenSMTPd rules
53551 - 53599 dnsmasq
53600 - 53625 linux usb detection rules
53626 - 53630 ms usb detection rules
53631 - 53699 ms firewall rules
53700 - 53749 PSAD rules
53750 - 53799 unbound rules
53800 - 53825 Kaspersky Endpoint Security 10 for Linux rules
53826 - 53829 MHN - Dionaea
53830 - 53840 MHN - Cowrie
56000 - 56200 FreeBSD rules
100000 - 109999 User defined rules