Default rules
Wazuh default rules are the built-in rules that come with the Wazuh installation. They are available at /var/ossec/ruleset/rules/
on the Wazuh server. These rules cover a wide range of security events and log sources, providing a baseline for common security threats. Default rules are designed to detect various types of attacks, vulnerabilities, or suspicious activities. They are continuously updated and maintained by the Wazuh team to address emerging threats and ensure the effectiveness of the security detection capabilities.