rules/linux/lnx_proxy_connection.yml

title: Connection Proxy
id: 72f4ab3f-787d-495d-a55d-68c2ff46cf4c
status: experimental
description: Detects setting proxy
author: Ömer Günal
date: 2020/06/17
references:
    - https://attack.mitre.org/techniques/T1090/
logsource:
    product: linux
detection:
    keyword:
        - 'http_proxy=*'
        - 'https_proxy=*'
    condition: keyword
falsepositives:
    - Legitimate administration activities
level: low
tags:
    - attack.defense_evasion
Create lnx_proxy_connection.yml 2020-07-13 01:31:05 +03:00			`title: Connection Proxy`
			`id: 72f4ab3f-787d-495d-a55d-68c2ff46cf4c`
Fixed my git issue 2020-09-13 22:03:04 -06:00			`status: experimental`
Create lnx_proxy_connection.yml 2020-07-13 01:31:05 +03:00			`description: Detects setting proxy`
			`author: Ömer Günal`
			`date: 2020/06/17`
Fixed my git issue 2020-09-13 22:03:04 -06:00			`references:`
			`- https://attack.mitre.org/techniques/T1090/`
Create lnx_proxy_connection.yml 2020-07-13 01:31:05 +03:00			`logsource:`
			`product: linux`
			`detection:`
			`keyword:`
			`- 'http_proxy=*'`
			`- 'https_proxy=*'`
			`condition: keyword`
			`falsepositives:`
			`- Legitimate administration activities`
Fixed my git issue 2020-09-13 22:03:04 -06:00			`level: low`
			`tags:`
			`- attack.defense_evasion`