valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
e76c11da7f
SigmaHQ/rules/web/web_nginx_core_dump.yml
G Y 544ec5861b
Update web_nginx_core_dump.yml 
Fixed typo in description field.
2021-07-03 10:39:37 +08:00

21 lines
676 B
YAML
Raw Blame History

title: Nginx Core Dump
id: 59ec40bb-322e-40ab-808d-84fa690d7e56
description: Detects a core dump of a crashing Nginx worker process, which could be a signal of a serious problem or exploitation attempts.
author: Florian Roth
date: 2021/05/31
references:
- https://docs.nginx.com/nginx/admin-guide/monitoring/debugging/#enabling-core-dumps
- https://www.x41-dsec.de/lab/advisories/x41-2021-002-nginx-resolver-copy/
logsource:
product: apache
detection:
keywords:
- 'exited on signal 6 (core dumped)'
condition: keywords
falsepositives:
- Serious issues with a configuration or plugin
level: high
tags:
- attack.impact
- attack.t1499.004
Reference in New Issue View Git Blame Copy Permalink