security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7b64ab552f94de507753860b6ff0268d4a656321
blue-team-tools/rules/linux/lnx_file_or_folder_permissions.yml
T

24 lines
671 B
YAML
Raw Normal View History

Rule fixes
2020-02-20 23:00:16 +01:00
title: File or Folder Permissions Change
UUIDs + moved unsupported logic
2019-12-19 23:56:36 +01:00
id: 74c01ace-0152-4094-8ae2-6fd776dd43e5
File permissions modification (T1222)
2019-10-23 11:24:13 -07:00
status: experimental
Fixed my git issue
2020-09-13 22:03:04 -06:00
description: Detects file and folder permission changes
File permissions modification (T1222)
2019-10-23 11:24:13 -07:00
author: Jakob Weinzettl, oscd.community
date: 2019/09/23
Fixed my git issue
2020-09-13 22:03:04 -06:00
references:
- https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.yaml
File permissions modification (T1222)
2019-10-23 11:24:13 -07:00
logsource:
product: linux
Update lnx_file_or_folder_permissions.yml
2019-11-29 09:33:04 +01:00
service: auditd
File permissions modification (T1222)
2019-10-23 11:24:13 -07:00
detection:
Update lnx_file_or_folder_permissions.yml
2019-11-29 09:33:04 +01:00
selection:
type: 'EXECVE'
Update lnx_file_or_folder_permissions.yml
2019-12-02 02:53:35 +01:00
a0|contains:
Update lnx_file_or_folder_permissions.yml
2019-11-29 09:33:04 +01:00
- 'chmod'
- 'chown'
condition: selection
File permissions modification (T1222)
2019-10-23 11:24:13 -07:00
falsepositives:
- User interracting with files permissions (normal/daily behaviour)
level: low
Fixed my git issue
2020-09-13 22:03:04 -06:00
tags:
- attack.defense_evasion
- attack.t1222.002
Reference in New Issue Copy Permalink