valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
edc79a8bb6
SigmaHQ/rules/linux/lnx_file_or_folder_permissions.yml

24 lines
671 B
YAML
Raw Normal View History

Rule fixes Made tests pass the new CI tests. Added further allowed lower case words in rule test.
2020-02-20 22:00:16 +00:00
title: File or Folder Permissions Change
UUIDs + moved unsupported logic * Added UUIDs to all contributed rules * Moved unsupported logic directory out of rules/ because this breaks CI testing.
2019-12-19 22:56:36 +00:00
id: 74c01ace-0152-4094-8ae2-6fd776dd43e5
File permissions modification (T1222)
2019-10-23 18:24:13 +00:00
status: experimental
Fixed my git issue
2020-09-14 04:03:04 +00:00
description: Detects file and folder permission changes
File permissions modification (T1222)
2019-10-23 18:24:13 +00:00
author: Jakob Weinzettl, oscd.community
date: 2019/09/23
Fixed my git issue
2020-09-14 04:03:04 +00:00
references:
- https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.yaml
File permissions modification (T1222)
2019-10-23 18:24:13 +00:00
logsource:
product: linux
Update lnx_file_or_folder_permissions.yml
2019-11-29 08:33:04 +00:00
service: auditd
File permissions modification (T1222)
2019-10-23 18:24:13 +00:00
detection:
Update lnx_file_or_folder_permissions.yml
2019-11-29 08:33:04 +00:00
selection:
type: 'EXECVE'
Update lnx_file_or_folder_permissions.yml
2019-12-02 01:53:35 +00:00
a0|contains:
Update lnx_file_or_folder_permissions.yml
2019-11-29 08:33:04 +00:00
- 'chmod'
- 'chown'
condition: selection
File permissions modification (T1222)
2019-10-23 18:24:13 +00:00
falsepositives:
- User interracting with files permissions (normal/daily behaviour)
level: low
Fixed my git issue
2020-09-14 04:03:04 +00:00
tags:
- attack.defense_evasion
- attack.t1222.002
Reference in New Issue Copy Permalink