Not going to get into super detail, but a webhook gets the push and pull request events into Wazuh.

1. Configure Wazuh to accept the GitHub log input in ossec.conf.

2. Create a decoder using regex in /var/ossec/etc/decoders/local_decoder.xml (straight quotes, not the curly ones a blog editor likes to substitute; the decoder names match the decoded_as values used by the rules below):

    <decoder name="github-pull">
      <regex>.*"pull_request":.*</regex>
    </decoder>
    <decoder name="github-push">
      <regex>.*"pusher":.*</regex>
    </decoder>

3. Create rules to log and record the events in /var/ossec/etc/rules/local_rules.xml (rules must sit inside a group element and carry a description, or Wazuh refuses to load the file):

    <group name="github,">
      <rule id="100100" level="3">
        <decoded_as>github-push</decoded_as>
        <description>GitHub push event</description>
      </rule>
      <rule id="100101" level="3">
        <decoded_as>github-pull</decoded_as>
        <description>GitHub pull request event</description>
      </rule>
    </group>
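The notes above leave the webhook receiver itself unspecified. The following is an added example, not code from the original post or from Wazuh: a small Python receiver that validates GitHub's X-Hub-Signature-256 HMAC before accepting a delivery, then appends each event as one JSON line to a file that Wazuh tails with a localfile entry in ossec.conf (step 1 above). The secret, the log path and the listening port are assumptions to be replaced; the raw payload is kept intact so the "pusher" and "pull_request" regexes in the decoders still match.

```python
import hashlib
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional

# Assumed ossec.conf fragment for step 1 (not from the original notes):
#   <localfile>
#     <log_format>json</log_format>
#     <location>/var/log/github-webhooks.json</location>
#   </localfile>

# Hypothetical values: the shared secret set on the GitHub webhook and the
# file Wazuh tails. Both are placeholders, not values from the post.
WEBHOOK_SECRET = b"replace-with-the-webhook-secret"
LOG_PATH = "/var/log/github-webhooks.json"
LISTEN = ("127.0.0.1", 8080)


def sign_body(secret: bytes, body: bytes) -> str:
    """Return the header value GitHub sends: 'sha256=' + hex HMAC-SHA256 of the body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, signature_header: Optional[str]) -> bool:
    """Reject deliveries whose X-Hub-Signature-256 does not match our secret.

    Without this check anyone who can reach the receiver can inject fake
    push/pull_request events into Wazuh.
    """
    if not signature_header or not signature_header.startswith("sha256="):
        return False
    expected = sign_body(secret, body)
    # Constant-time comparison so the check does not leak timing information.
    return hmac.compare_digest(signature_header, expected)


def to_log_line(event_name: str, body: bytes) -> str:
    """Flatten one webhook payload into a single JSON line for Wazuh's json log_format.

    The original keys ("pusher", "pull_request", ...) are preserved so the page's
    decoder regexes match; github_event carries the X-GitHub-Event header value.
    Raises ValueError on a body that is not valid JSON.
    """
    payload = json.loads(body)
    record = {"github_event": event_name, **payload}
    return json.dumps(record, separators=(",", ":"))


class WebhookHandler(BaseHTTPRequestHandler):
    def do_POST(self) -> None:
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length)
        if not verify_signature(WEBHOOK_SECRET, body, self.headers.get("X-Hub-Signature-256")):
            self.send_response(401)
            self.end_headers()
            return
        event = self.headers.get("X-GitHub-Event", "unknown")
        try:
            line = to_log_line(event, body)
        except ValueError:
            self.send_response(400)
            self.end_headers()
            return
        # One event per line; Wazuh reads the file as it grows.
        with open(LOG_PATH, "a", encoding="utf-8") as fh:
            fh.write(line + "\n")
        self.send_response(204)
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(LISTEN, WebhookHandler).serve_forever()
```

Bind the receiver behind TLS (a reverse proxy is the usual choice) and give GitHub the same secret that WEBHOOK_SECRET holds; a delivery with a wrong or missing signature is dropped with 401 and never reaches the log file or the rules.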
