Skip to content
This repository was archived by the owner on Oct 7, 2025. It is now read-only.

Refactoring-custom-wazuh-rules#2543

Merged
matej5 merged 2 commits into
2.xfrom
Refactoring-custom-wazuh-rules-PR-2.x
Jun 16, 2025
Merged

Refactoring-custom-wazuh-rules#2543
matej5 merged 2 commits into
2.xfrom
Refactoring-custom-wazuh-rules-PR-2.x

Conversation

@drazenCE

Copy link
Copy Markdown
Contributor

No description provided.

<!-- Match HTTP 401 Unauthorized responses using regex -->
<rule id="41101" level="5">
<if_sid>31151</if_sid>
<regex>\s401\s</regex>

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is tricky ... would this also match log entries that have 401 as number of bytes returned? I think number of bytes returned is also part of the usual nginx log message.

@sonarqubecloud

Copy link
Copy Markdown

@klausi klausi left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks, looks good to me.

@matej5 matej5 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@matej5
matej5 merged commit 282279d into 2.x Jun 16, 2025
5 checks passed
@matej5
matej5 deleted the Refactoring-custom-wazuh-rules-PR-2.x branch June 16, 2025 09:25
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants