Update lnx_clear_logs.yml

This commit is contained in:
yugoslavskiy 2020-12-02 01:28:29 +01:00 committed by GitHub
parent 1c4c5af99f
commit 378f663502
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -10,14 +10,14 @@ logsource:
product: linux
category: process_creation
detection:
selection1:
selection:
ProcessName|endswith:
- '/rm' # covers /rmdir as well
- '/shred'
CommandLine|contains:
- '/var/log'
- '/var/spool/mail'
condition: selection1 and selection2
condition: selection
falsepositives:
- Legitimate administration activities
level: low
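Review bot: The inline comment on `- '/rm' # covers /rmdir as well` is wrong under the `|endswith` modifier: a process path ending in `/rmdir` does not end in `/rm`, so rmdir is never matched and the comment will mislead the next maintainer into thinking directory removal of log paths is covered. Either drop the comment or add `- '/rmdir'` as its own list entry under `ProcessName|endswith`. The removed `condition: selection1 and selection2` referenced a `selection2` that does not appear in this hunk; if it was dropped in an earlier commit the rule may not have fired at all in the meantime, so it is worth confirming the new `condition: selection` against a sample `rm /var/log/...` process_creation event. The rule header (title, id, description, references) sits outside this hunk.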