valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 01:45:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
27dcad8ffe
SigmaHQ/rules/linux/lnx_shell_susp_log_entries.yml
Mike Wade 52ab677798 Fixed my git issue
2020-09-13 22:03:04 -06:00

19 lines
466 B
YAML
Raw Blame History

title: Suspicious Log Entries
id: f64b6e9a-5d9d-48a5-8289-e1dd2b3876e1
status: experimental
description: Detects suspicious log entries in Linux log files
author: Florian Roth
date: 2017/03/25
logsource:
product: linux
detection:
keywords:
- entered promiscuous mode
- Deactivating service
- Oversized packet received from
- imuxsock begins to drop messages
condition: keywords
falsepositives:
- Unknown
level: medium
Reference in New Issue View Git Blame Copy Permalink