valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2e29c07e83
SigmaHQ/rules/linux/lnx_file_or_folder_permissions.yml
Timur Zinniatullin 4e688233d7 ATT&CK mapping update suggestions for \linux\
2020-08-04 19:48:18 +03:00

25 lines
637 B
YAML
Raw Blame History

title: File or Folder Permissions Change
description: Detects
id: 74c01ace-0152-4094-8ae2-6fd776dd43e5
status: experimental
tags:
- attack.defense_evasion
- attack.t1222.002
author: Jakob Weinzettl, oscd.community
date: 2019/09/23
logsource:
product: linux
service: auditd
detection:
selection:
type: 'EXECVE'
a0|contains:
- 'chmod'
- 'chown'
condition: selection
falsepositives:
- User interracting with files permissions (normal/daily behaviour)
level: low
references:
- https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.yaml
Reference in New Issue View Git Blame Copy Permalink