Hi Matthew, Wazuh has a repository <https://github.com/wazuh/ossec-rules> for decoders, rules, rootchecks, etc. Almost all decoders/rules should work in every OSSEC version, except some of them that use new features. I recommend you to create a backup of OSSEC, then update the rules using the script <https://github.com/wazuh/ossec-rules/blob/master/ossec_ruleset.py>. Some rules will be failing, so replace them with the proper backup. In this way you will have the most up to date "signatures".
Regards. On Wednesday, November 2, 2016 at 5:03:51 PM UTC+1, dan (ddpbsd) wrote: > > On Wed, Nov 2, 2016 at 12:00 PM, Matthew Casperson > <[email protected] <javascript:>> wrote: > > I've been trying to track down where it details how often signatures are > > updated for OSSEC. Are new signatures part of each version? E.g. if I > am > > on 2.8.2 and want to have the most up to date signatures would I have to > > upgrade to the current version of OSSEC or are signatures updated > > independent of new version releases? Help greatly appreciated. > > > > The rules are currently updated with releases. > > > Matt > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
