Wazuh OSSEC Decoder and Rules (OS_Regex or regex and OS_Match or sregex) - 01/05/2018 22:30 EDT

We are looking for a developer who can create custom decoders and custom rules in support of the Wazuh version of OSSEC.

Order of operations:

1. We will provide a sample of logs

2. The developer will create and test a decoder for that specific log type

3. The developer will create and test a rule document for that specific log set

4. The developer will provide the test results

5. We will process payment

6. The developer will submit the rules

7. Repeat for the next set of logs.

We will pay for each project based on the complexity of the log set. We expect each decoder to be worth $50 USD and each set of rules to be worth anywhere from $50-$200 per ruleset, with some larger rulesets being more than that. This will be for each log set provided. We have about 30 of these in the queue now that require decoders and rules, and we get new ones frequently. We will continue this project perpetually if we can work out a good cadence. In most cases, we will need the rules and decoders in 72 hours from submission.

Rules and decoders are based on the following:

[url removed, login to view]

and use OS_Regex or regex and OS_Match or sregex.

Sample rules are located here:

[url removed, login to view]

Sample decoders are located here:

[url removed, login to view]


Rules must comply with the following syntax.

[url removed, login to view]

All fields must be parsed into JSON-notated fields

Rules must trigger an appropriate action (Email, Slack, log only)

Rules must not require the "override" of a previous rule.

We will provide access to a Wazuh OSSEC server in Amazon with access to all testing tools:



Note: You will need to understand how to connect to a Linux server in AWS.

Skills: Regular Expressions, Software Testing, XML


About the Employer:
( 0 reviews ) Arlington, United States

Project ID: #16856256

Awarded to:

$133 USD in 7 days
(0 Reviews)