rules/linux/builtin/lnx_proxy_connection.yml

title: Connection Proxy
id: 72f4ab3f-787d-495d-a55d-68c2ff46cf4c
status: test
description: Detects setting proxy
author: Ömer Günal
references:
  - https://attack.mitre.org/techniques/T1090/
date: 2020/06/17
modified: 2021/11/27
logsource:
  product: linux
detection:
  keyword:
    - 'http_proxy=*'
    - 'https_proxy=*'
  condition: keyword
falsepositives:
  - Legitimate administration activities
level: low
tags:
  - attack.defense_evasion
Create lnx_proxy_connection.yml 2020-07-13 01:31:05 +03:00			`title: Connection Proxy`
			`id: 72f4ab3f-787d-495d-a55d-68c2ff46cf4c`
$frack113$ Change status for old rules 2021-11-27 11:33:14 +01:00			`status: test`
Create lnx_proxy_connection.yml 2020-07-13 01:31:05 +03:00			`description: Detects setting proxy`
			`author: Ömer Günal`
Fixed my git issue 2020-09-13 22:03:04 -06:00			`references:`
$frack113$ Change status for old rules 2021-11-27 11:33:14 +01:00			`- https://attack.mitre.org/techniques/T1090/`
			`date: 2020/06/17`
			`modified: 2021/11/27`
Create lnx_proxy_connection.yml 2020-07-13 01:31:05 +03:00			`logsource:`
$frack113$ Change status for old rules 2021-11-27 11:33:14 +01:00			`product: linux`
Create lnx_proxy_connection.yml 2020-07-13 01:31:05 +03:00			`detection:`
$frack113$ Change status for old rules 2021-11-27 11:33:14 +01:00			`keyword:`
			`- 'http_proxy=*'`
			`- 'https_proxy=*'`
			`condition: keyword`
Create lnx_proxy_connection.yml 2020-07-13 01:31:05 +03:00			`falsepositives:`
$frack113$ Change status for old rules 2021-11-27 11:33:14 +01:00			`- Legitimate administration activities`
Fixed my git issue 2020-09-13 22:03:04 -06:00			`level: low`
			`tags:`
$frack113$ Change status for old rules 2021-11-27 11:33:14 +01:00			`- attack.defense_evasion`