valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6eea77ae38
SigmaHQ/rules/linux/lnx_shell_susp_log_entries.yml
frack113 4c3f8821c4 add missing tags
2021-09-07 18:16:46 +02:00

20 lines
491 B
YAML
Raw Blame History

title: Suspicious Log Entries
id: f64b6e9a-5d9d-48a5-8289-e1dd2b3876e1
status: experimental
description: Detects suspicious log entries in Linux log files
author: Florian Roth
date: 2017/03/25
logsource:
product: linux
detection:
keywords:
- entered promiscuous mode
- Deactivating service
- Oversized packet received from
- imuxsock begins to drop messages
condition: keywords
falsepositives:
- Unknown
level: medium
tags:
- attack.impact
Reference in New Issue View Git Blame Copy Permalink