# Sigma backend configuration: rewrites Linux log-source field names onto STIX
# observable paths for the `stix` backend listed under `backends`.
title: STIX for Linux Logs
# Only the STIX backend consumes this configuration.
backends:
  - stix
# Ordering value relative to other backend configurations — presumably the
# conversion tool applies configs in ascending `order`; confirm against the tool.
order: 40
# Rules whose logsource declares `product: linux` are matched by this config.
logsources:
  linux:
    product: linux
# Each Sigma field name on the left is replaced by the STIX path(s) listed
# under it. Several distinct source fields share one target path (see the
# per-entry notes), so a rule written against one specific source field
# becomes a match on the shared target and the original distinction is lost.
fieldmappings:
  # `type`, `SYSCALL` and `pam_message` all map to the same event-action path.
  type:
    - x-event:action
  # Free-text keyword searches are matched against the raw payload.
  keywords:
    - artifact:payload_bin
  # a0..a3 — presumably auditd EXECVE argv positions, confirm — all collapse
  # onto the full command line, so a rule that pins a value to one argument
  # position broadens to "anywhere in the command line" after conversion.
  # NOTE(review): a4 and higher have no entry here; confirm how the backend
  # treats fields without a mapping before relying on rules that use them.
  a0:
    - process:command_line
  a1:
    - process:command_line
  # `name` and `exe` both map to file:name; a rule distinguishing the process
  # image (`exe`) from a file operand (`name`) cannot keep that distinction.
  name:
    - file:name
  a3:
    - process:command_line
  # auditd rule key, carried through as Sigma-specific keyword metadata.
  key:
    - x-sigma:keywords
  exe:
    - file:name
  a2:
    - process:command_line
  SYSCALL:
    - x-event:action
  pam_message:
    - x-event:action
  # `pam_user` and `USER` share user-account:user_id.
  pam_user:
    - user-account:user_id
  # Remote host from PAM; this is the only mapping producing a host observable.
  pam_rhost:
    - x-host:name
  USER:
    - user-account:user_id