valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update lnx_shell_priv_esc_prep.yml

Browse Source
This commit is contained in:
Galapag0s 2019-09-06 11:29:42 -04:00 committed by GitHub
parent 23021aa110
commit ccdda5e82b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/linux/lnx_shell_priv_esc_prep.yml
View File

@ -62,7 +62,7 @@ detection:
- 'find / -perm -u=s' - 'find / -perm -u=s'
- 'find / -perm -g=s' - 'find / -perm -g=s'
- 'find / -perm -4000' - 'find / -perm -4000'
- 'find / -perm -2000 - 'find / -perm -2000'
timeframe: 30m timeframe: 30m
condition: keywords | count() by host > 6 condition: keywords | count() by host > 6
falsepositives: falsepositives: