restored the rule

yugoslavskiy 2020-11-28 18:52:43 +01:00 committed by GitHub
parent eee2ace2c6
commit 5afb445b8b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -10,12 +10,12 @@ references:
logsource:
product: linux
detection:
selection1|contains:
- 'chown root'
selection2|contains:
- ' chmod u+s'
selection1:
- '*chown root*'
selection2:
- '* chmod u+s*'
selection3|contains:
- ' chmod g+s'
- '* chmod g+s*'
condition: (selection1 and selection2) or (selection1 and selection3)
falsepositives:
- Legitimate administration activities
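Review bot: `selection3|contains:` appears to keep its `contains` modifier while its value gains explicit wildcards (`'* chmod g+s*'`), whereas selection1 and selection2 in the same detection block drop the modifier and rely on wildcards alone; the +/- markers are lost on this page, so this reading rests on the hunk counts and print order. Mixing the two styles means the setgid branch of the condition is converted differently from the setuid branch, and backends may not all treat wildcards inside a `contains` value the same way. For consistency, write it as `selection3:` with `- '* chmod g+s*'`. A short comment above `detection:` stating that only the symbolic `u+s` / `g+s` forms are matched, so numeric modes are outside this rule's coverage, would help whoever tunes it later. The rule's header and the rest of its metadata lie outside the hunk.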