Added rules/decoder for mhn

[Bob-Andrews]

Added Range, Rules and Decoder for Cowrie and Dionaea in Modern Honeypot Network.
Did not add the mhn-json.log to the ossec.conf. Added a hint to the rule files and decoder instead.
Not sure if this rules are to special for including it directly.

[aquerubin]

The regexp are IPv4 centric. Can you make them IPv6 friendly? Tony

…

On Nov 16, 2018, at 02:47, Bob-Andrews ***@***.***> wrote: Added Range, Rules and Decoder for Cowrie and Dionaea in Modern Honeypot Network. Did not add the mhn-json.log to the ossec.conf. Added a hint to the rule files and decoder instead. Not sure if this rules are to special for including it directly. You can view, comment on, or merge this pull request online at: #1574 Commit Summary Added Range for MHN Added decoder for MHN Added MHN Cowrie Rules Added rules for MHN Dionaea Corrected mhn range order File Changes M doc/rule_ids.txt (2) M etc/decoder.xml (40) A etc/rules/mhn_cowrie_rules.xml (26) A etc/rules/mhn_dionaea_rules.xml (13) Patch Links: https://github.com/ossec/ossec-hids/pull/1574.patch https://github.com/ossec/ossec-hids/pull/1574.diff — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.