SigmaHQ/rules/linux/lnx_clear_logs.yml
2020-10-07 22:27:06 +03:00


title: Clear Linux Logs
id: 80915f59-9b56-4616-9de0-fd0dea6c12fe
status: stable
description: Detects clear logs
author: Ömer Günal, oscd.community
date: 2020/10/07
references:
    - https://attack.mitre.org/techniques/T1070/002/
logsource:
    product: linux
detection:
    # A list of maps: the rule fires when the Commands field contains any one
    # of these search strings ('*' is the Sigma wildcard for any characters).
    keywords:
        - Commands|contains:
            - 'rm * /var/log*'
            - 'shred -u /var/log*'
            - 'echo * > /var/log*'
            - 'rmdir * /var/log*'
    condition: keywords
falsepositives:
    - Legitimate administration activities
level: medium
tags:
    - attack.defense_evasion
    - attack.t1070.002
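A small evaluator for this rule's `Commands|contains` list, added here as an example and not code from the SigmaHQ repository. It implements Sigma's `*`/`?` wildcard translation and case-insensitive matching, then runs the four search strings over constructed sample command records; the record shape and the `user` field are assumptions for illustration.

```python
import re

# The search strings from the rule's `Commands|contains` list.
CLEAR_LOG_PATTERNS = [
    'rm * /var/log*',
    'shred -u /var/log*',
    'echo * > /var/log*',
    'rmdir * /var/log*',
]


def sigma_to_regex(value, contains=True):
    """Translate a Sigma string value into a compiled regex.

    Sigma wildcards: '*' matches any run of characters, '?' exactly one.
    The |contains modifier wraps the value in '*...*'. Comparison is
    case-insensitive, matching Sigma's default string semantics.
    """
    if contains:
        value = f'*{value}*'
    out = []
    for ch in value:
        if ch == '*':
            out.append('.*')
        elif ch == '?':
            out.append('.')
        else:
            out.append(re.escape(ch))
    return re.compile('^' + ''.join(out) + '$', re.IGNORECASE | re.DOTALL)


COMPILED = [sigma_to_regex(p) for p in CLEAR_LOG_PATTERNS]


def matches_rule(command):
    """True if the command matches any search string (a Sigma list is an OR)."""
    return any(rx.match(command) for rx in COMPILED)


def evaluate(records):
    """Return the records whose 'Commands' field satisfies the rule."""
    return [r for r in records if matches_rule(r.get('Commands', ''))]


# Constructed sample records (not real telemetry). 'Commands' is the field the
# rule queries; 'user' is an assumed extra field for the alert line only.
SAMPLE_RECORDS = [
    {'user': 'root',  'Commands': 'rm -rf /var/log/auth.log'},
    {'user': 'root',  'Commands': 'shred -u /var/log/syslog'},
    {'user': 'root',  'Commands': "echo '' > /var/log/wtmp"},
    {'user': 'root',  'Commands': 'rmdir -p /var/log/old'},
    {'user': 'alice', 'Commands': 'tail -f /var/log/syslog'},
    {'user': 'alice', 'Commands': 'ls -la /var/log'},
    {'user': 'root',  'Commands': 'logrotate /etc/logrotate.conf'},
]

if __name__ == '__main__':
    for hit in evaluate(SAMPLE_RECORDS):
        print(f"ALERT level=medium t1070.002 user={hit['user']} cmd={hit['Commands']}")
```

The benign reads and the logrotate run stay silent, while the four destructive commands fire; the root-run `rm -rf` of a single log is exactly the "legitimate administration activity" the rule's falsepositives field warns about, so triage still needs the surrounding context.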