Update lnx_auditd_create_account.yml
This commit is contained in:
Timur Zinniatullin
@@ -1,12 +1,13 @@
|
||||
title: Creation Of An User Account
|
||||
id: 759d0d51-bc99-4b5e-9add-8f5b2c8e7512
|
||||
status: experimental
|
||||
description: Detects the creation of a new user account. According to MITRE ATT&CK, "such accounts may be used for persistence that do not require persistent remote access tools to be deployed on the system"
|
||||
description: Detects the creation of a new user account. According to MITRE ATT&CK, "such accounts may be used for persistence that do not require persistent remote access tools to be deployed on the system"
|
||||
references:
|
||||
- 'MITRE Attack technique T1136; Create Account '
|
||||
date: 2020/05/18
|
||||
tags:
|
||||
- attack.t1136
|
||||
- attack.t1136 # an old one
|
||||
- attack.t1136.001
|
||||
- attack.persistence
|
||||
author: Marie Euler
|
||||
logsource:
|
||||
|
||||
Reference in New Issue
Block a user