mirror of
https://github.com/valitydev/SigmaHQ.git
synced 2024-11-07 01:45:21 +00:00
Create lnx_clear_logs.yml
This commit is contained in:
Ömer Günal
GitHub
parent
c56cd2dfff
commit
18821d2255
24
rules/linux/lnx_clear_logs.yml
Normal file
24
rules/linux/lnx_clear_logs.yml
Normal file
@ -0,0 +1,24 @@
|
||||
title: Clear Linux Logs
|
||||
id: 80915f59-9b56-4616-9de0-fd0dea6c12fe
|
||||
status: stable
|
||||
description: Detects clear logs
|
||||
author: Ömer Günal, oscd.community
|
||||
date: 2020/10/07
|
||||
references:
|
||||
- https://attack.mitre.org/techniques/T1070/002/
|
||||
logsource:
|
||||
product: linux
|
||||
detection:
|
||||
keywords:
|
||||
- Commands|contains:
|
||||
- 'rm * /var/log*'
|
||||
- 'shred -u /var/log*'
|
||||
- 'echo * > /var/log*'
|
||||
- 'rmdir * /var/log*'
|
||||
condition: keywords
|
||||
falsepositives:
|
||||
- Legitimate administration activities
|
||||
level: medium
|
||||
tags:
|
||||
- attack.defense_evasion
|
||||
- attack.t1070.002
|
||||
Loading…
Reference in New Issue
Block a user