valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 01:45:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Removing the echo detection

Browse Source
This commit is contained in:
Alejandro Ortuno 2020-10-28 10:07:59 +01:00
parent 5e5576a91b
commit 3a58c00feb
2 changed files with 6 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
rules/linux/lnx_network_service_scanning.yml
View File

@ -11,18 +11,15 @@ logsource:
product: linux
detection:
selection_1:
CommandLine|contains:
- '/dev/tcp/'
selection_2:
ProcessName|endswith:
- '/cat'
selection_3:
selection_2:
ProcessName|endswith:
- '/nmap'
selection_4:
selection_3:
ProcessName|endswith:
- '/telnet'
selection_5:
selection_4:
ProcessName|endswith:
- '/nc'
condition: 1 of them

9
rules/linux/macos_network_service_scanning.yml
View File

@ -11,18 +11,15 @@ logsource:
product: macos
detection:
selection_1:
CommandLine|contains:
- '/dev/tcp/'
selection_2:
ProcessName|endswith:
- '/cat'
selection_3:
selection_2:
ProcessName|endswith:
- '/nmap'
selection_4:
selection_3:
ProcessName|endswith:
- '/telnet'
selection_5:
selection_4:
ProcessName|endswith:
- '/nc'
condition: 1 of them