Skip to content

Add ruleset and rule triggering logic#156

Merged
okynos merged 16 commits intomainfrom
140-rule-trigger
Apr 30, 2024
Merged

Add ruleset and rule triggering logic#156
okynos merged 16 commits intomainfrom
140-rule-trigger

Conversation

@okynos
Copy link
Member

@okynos okynos commented Apr 29, 2024
edited
Loading

Hello!

This PR closes #140 thanks @thisnugroho for the feature request.

We have added a first steps into rule management and generation.
The main features are:

  • Moved config.rs to appconfig.rs This will resolve some naming conflict.
  • Moved init function to init.rs module this will allow to manage initialization in a better way.
  • Added regex crate as a new dependency.
  • Updated OpenSearch index template to reflect rule event attributes.
  • Added rules.yml template, where your rules will be included.
  • Manage rules file as a configuration file in the package management system.
  • Moved TMP_EVENTS static mutable variable to Arc<Mutex> inside appconfig. This will allow to remove unsafe blocks and use a 'singleton' configuration file.
  • Include rule event triggering inside Monitor Event and Audit Event.
  • Added Event generic file where the trait is defined, later coded in each module.
  • Moved Event to MonitorEvent module.
  • Now rotator module contains a configuration instance with all shared variables and previously mentioned mutex.
  • Added ruleevent.rs file that manage Rule Event attributes and processing.
  • Added ruleset.rs file that manage regexes and rule triggering.
  • Fixed Windows service logging error.
  • Improved message logging and reporting.
  • Minor improvements into automatic testing.

okynos added 16 commits April 22, 2024 12:50
@okynos
Initial commit in ruleset declaration
eb5c68e
@okynos
Merge branch 'main' of github.com:Achiefs/fim into 140-rule-trigger
a01c68a
@okynos
Moved static config to variable passed, included mutex into configura…
62898ed 
…tion that replaces static TMP_EVENTS
@okynos
Moved config to appconfig, moved static ruleset to cloned one, improv…
fe238f1 
…ed ruleset strategy, created ruleevent, adapt structure to manage ruleevent
@okynos
Solved unit tests errors and clippy report
44446aa
@okynos
Fixed unit tests in Linux, added rules configuration.
42dad6d
@okynos
Included rules.yml installation in packages
8ae8e7b
@okynos
Removed config.rs, changed windows WXS Rules ID, fixed unit tests Win…
265836d 
…dows and Linux, Added ruleset match to auditevents
@okynos
Fix error on config.rs windows replace test, added ruleset to test_pr…
4e6809a 
…ocess in auditevent, fixed feature in Windows WXS
@okynos
Minor fixes in unit tests
8b3dfb0
@okynos
Fix monitor second path in unit tests
71ff7a6
@okynos
Added unitary tests of rule event and ruleset
b408500
@okynos
Solved typo in ruleset match_rule_unix test, from sh to php
308b0e1
@okynos
Fixed Arc value lock log error
b3065f2
@okynos
Added parent_id parameter to ruleevent
af351b3
@okynos
Remove monitorruleevent.rs file
6676645
@okynos okynos self-assigned this Apr 29, 2024
@okynos okynos merged commit 2b3ea0f into main Apr 30, 2024
@okynos okynos deleted the 140-rule-trigger branch April 30, 2024 05:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@okynos okynos

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Include rules to trigger custom events

1 participant

@okynos