November 1st 2023 | by Jorge Marino | Wazuh 4.6
A common question among Wazuh users is how to trigger a rule, after two other rules were triggered.
The current Wazuh Rules' syntax does not include any mechanism to achieve this purpose right out of the box.
| // Copyright The OpenTelemetry Authors | |
| // SPDX-License-Identifier: Apache-2.0 | |
| #include "opentelemetry/sdk/metrics/metric_reader.h" | |
| #include "opentelemetry/sdk/common/global_log_handler.h" | |
| #include <onDemandMetricReader.hpp> | |
| #include "opentelemetry/sdk/metrics/push_metric_exporter.h" | |
| #include <chrono> | |
| #if defined(_MSC_VER) |
| { | |
| // Use IntelliSense to learn about possible attributes. | |
| // Hover to view descriptions of existing attributes. | |
| // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 | |
| "version": "0.2.0", | |
| "configurations": [ | |
| { | |
| "name": "Engine Run", | |
| "type": "cppdbg", | |
| "request": "launch", |
| { | |
| scope name : ostream_metric_example | |
| schema url : | |
| version : 1.2.0 | |
| start time : Wed Feb 8 17:45:47 2023 | |
| end time : Wed Feb 8 17:45:48 2023 | |
| instrument name : ostream_metric_example | |
| description : description | |
| unit : | |
| type : SumPointData |
| --- | |
| name: decoder/f5-apm-base/0 | |
| metadata: | |
| module: f5 | |
| title: f5 APM Decoder Base | |
| description: Decodes HEADER F5 BIG-IP Access Policy Manager logs | |
| compatibility: > | |
| This decoder is under development. | |
| author: |
| --- | |
| name: decoder/f5-afm/0 | |
| metadata: | |
| module: F5 | |
| title: F5 AFM Decoder | |
| description: Decodes F5 BIG-IP Advanced Firewall Manager logs | |
| compatibility: > | |
| New Wazuh Engine | |
| author: |