Rules for File Rename
11 views
Skip to first unread message
Yogi Valentino
Dec 15, 2025, 7:05:30 AM (2 days ago) Dec 15
to Wazuh | Mailing List
I'm using FIM to make a rename rule file
<group name="syscheck, rename">
<rule id="100101" level="5" timeframe="30">
<if_sid>553</if_sid>
<if_matched_sid>554</if_matched_sid>
<same_field>sha1</same_field>
<description>File $(file) rename</description>
</rule>
</group>
This is what it looks like. I want to make a rule description like this
File $(file) renamed to $(new_file)
Any ideas?
<group name="syscheck, rename">
<rule id="100101" level="5" timeframe="30">
<if_sid>553</if_sid>
<if_matched_sid>554</if_matched_sid>
<same_field>sha1</same_field>
<description>File $(file) rename</description>
</rule>
</group>
This is what it looks like. I want to make a rule description like this
File $(file) renamed to $(new_file)
Any ideas?
Md. Nazmur Sakib
1:38 AM (14 hours ago) 1:38 AM
to Wazuh | Mailing List
Reply all
Reply to author
Forward
0 new messages