This commit is contained in:
frack113 2021-09-03 13:30:10 +02:00 committed by GitHub
parent 8bd859f550
commit 815134df7f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,11 +1,11 @@
title: 'System Information Discovery'
description: 'Detects System Information Discovery commands'
title: System Information Discovery
description: Detects System Information Discovery commands
author: 'Pawel Mazur'
status: experimental
date: 2021/09/03
references:
- 'https://attack.mitre.org/techniques/T1082/'
- 'https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md'
- https://attack.mitre.org/techniques/T1082/
- https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md
logsource:
product: linux
service: auditd
@ -21,10 +21,10 @@ detection:
a0:
- uname
- uptime
condition: 'selection or selection2'
condition: selection or selection2
tags:
- attack.discovery
- attack.t1082
falsepositives:
- 'Legitimate administrative activity'
- Legitimate administrative activity
level: low
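Review bot: The rule header in the first hunk (file lines 1-11, starting at `title:`) has no `id` field, which Sigma tooling relies on as the stable per-rule identifier; if this rule is destined for a shared rule set, add `id: <uuid-placeholder>` directly after `title`, with a freshly generated UUID. Dropping the quotes is otherwise safe for every affected scalar: the title, description, both URLs, the condition and the false-positive entry contain no `: ` or ` #` sequences and none looks like a boolean, number or ISO date, and `date: 2021/09/03` uses slashes so it stays a string. The `detection` block in the second hunk begins outside the hunk, so the `selection`/`selection2` definitions referenced by `condition` could not be reviewed here.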