Dear Wazuh Team,
I am writing to ask for the creation of decoders and rules relating to 3 events generated by the Free Mostonet AntiVirus/Endpoint/Server Protection antivirus. (https://www.mostonet.it)
Mostonet AV is a free anti-malware solution based on the ClamAV engine and other technologies to protect users, farms and children. It's totally free, without banners, ad-ware or spyware.
The events are recorded in the Windows Event Log under Application and have the IDs:
20458 (Error - Integrity Error),
20457 (Warning - EDR/Anti-Ransom/Real-Time/Malware found),
20456 (Information - Integrity OK).
The XML structure is very simple but I ask for your help to implement these rules/decoders for everyone.
Example: ID 20456 (but identical for ID 20457 and 20458) from the Windows EventLog Application channel:
```xml
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Mostonet AntiVirus"/>
    <EventID Qualifiers="0">20456</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2022-12-20T13:38:42.000000000Z"/>
    <EventRecordID>3867</EventRecordID>
    <Channel>Application</Channel>
    <Computer>PC-TEST</Computer>
    <Security/>
  </System>
  <EventData>
    <Data>Source: Mostonet AntiVirus Version: 9.0.9 Module: moprisuite Event: Endpoint started with no integrity issues.</Data>
    <Binary>0000000000000000000000000000000064CFA8001C00950024F919009636420024CC1900989C400000000000FFFFFFFF3C7FA8000400000044F91900518E530014F8190098F8190010F8190024EA4600FE5A47006843A40000000000000000000000000000000000000000000000000000</Binary>
  </EventData>
</Event>
```
Thanks for your help.
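A first cut of Wazuh rules for the three event IDs above, written here as an added example and not part of the original request or of Wazuh's shipped rule set. It assumes the agent collects the Application channel with `log_format` `eventchannel`, so the built-in `windows_eventchannel` decoder already yields `win.system.providerName`, `win.system.eventID` and, for the unnamed `<Data>` element, `win.eventdata.data`; the rule IDs 100200-100203 and the alert levels are arbitrary choices in the custom range.

```xml
<group name="windows,mostonet,">

  <!-- Parent rule: any event from the Mostonet AntiVirus provider.
       Chained to 60000, the base rule for windows_eventchannel events,
       so no custom decoder is required. -->
  <rule id="100200" level="0">
    <if_sid>60000</if_sid>
    <field name="win.system.providerName">^Mostonet AntiVirus$</field>
    <description>Mostonet AntiVirus event.</description>
  </rule>

  <!-- 20456: Information - Integrity OK (endpoint started cleanly). -->
  <rule id="100201" level="3">
    <if_sid>100200</if_sid>
    <field name="win.system.eventID">^20456$</field>
    <description>Mostonet AntiVirus: endpoint started with no integrity issues.</description>
    <group>av_status,</group>
  </rule>

  <!-- 20457: Warning - EDR/Anti-Ransom/Real-Time/Malware found.
       The <Data> text is echoed into the alert so the detection detail
       (module, version, event message) is visible without opening the event. -->
  <rule id="100202" level="12">
    <if_sid>100200</if_sid>
    <field name="win.system.eventID">^20457$</field>
    <description>Mostonet AntiVirus: threat detected: $(win.eventdata.data)</description>
    <group>virus,</group>
  </rule>

  <!-- 20458: Error - Integrity Error (the protection itself is unhealthy). -->
  <rule id="100203" level="10">
    <if_sid>100200</if_sid>
    <field name="win.system.eventID">^20458$</field>
    <description>Mostonet AntiVirus: integrity error: $(win.eventdata.data)</description>
    <group>av_status,</group>
  </rule>

</group>
```

Place the block in the manager's `local_rules.xml` and feed the sample event through `wazuh-logtest` to confirm that 100201 fires for the example above.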