valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update lnx_auditd_steghide_extract_steganography.yml

Browse Source
This commit is contained in:
zakibro 2021-09-11 11:19:21 +02:00 committed by GitHub
parent d0741f9f3a
commit 6412ddaaee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
rules/linux/auditd/lnx_auditd_steghide_extract_steganography.yml
View File

@ -17,15 +17,12 @@ logsource:
product: linux product: linux
service: auditd service: auditd
detection: detection:
type: Steghide:
type: EXECVE type: EXECVE
commands:
a0: steghide a0: steghide
a1: extract a1: extract
a2:
a2: '-sf' a2: '-sf'
a3:
a3|endswith: a3|endswith:
- '.jpg' - '.jpg'
- '.png' - '.png'
condition: type and commands and a2 and a3 condition: Steghide