Wazuh OSSEC Decoder and Rules (OS_Regex or regex and OS_Match or sregex) - 01/05/2018 22:30 EDT

We are looking for a resource who can create custom decoders and custom rules in support of the Wazuh Ossec version of OSSEC. Order of operations: 1. We will provide a sample of logs 2. The developer will create and test a decoder for that specific log type 3. The developer will create and test a rule document for that specific log set 4. The developer will provide the test results 5. We will process payment 6. The developer will submit the rules 7. Repeat for the next set of logs. We will pay for each project based on the complexity of the log set. We expect that each decoder would be worth $50 us each and that the set of rules could be anywhere from $50-$200 per ruleset with some larger rule sets being more than that. This will be for each log set provided. We have about 30 of these in the queue now that require decoders and rules and we get new ones frequently. We will continue this project perpetually if we can work out a good cadence. In most cases, we will need the rules and decoders in 72 hours from submission. Rules and decoders are based on the following: [login to view URL] and use OS_Regex or regex and OS_Match or sregex. Sample rules are located here: [login to view URL] Sample decoders are located here: [login to view URL] Requirements: Rules must comply with the following syntax. [login to view URL] All fields must be parsed into json notated fields Rules must trigger an appropriate action (Email, Slack, log only) Rules must not require the "override" of a previous rule. We will provide access to a Wazuh OSSEC server in Amazon with access to all testing tools: /var/ossec/bin/ossec-logtest /var/ossec/bin/ossec-regex Note: You will need to understand how to connect to a linux server in AWS.