From c8fa678a9b3e1e6447a71113163c9bb2c1f8b262 Mon Sep 17 00:00:00 2001
From: Andreas Hunkeler
Date: Fri, 11 Feb 2022 14:14:22 +0100
Subject: [PATCH] rule: add tag execution to new bpftrace rule
---
 .../process_creation/lnx_bpftrace_unsafe_option_usage.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/rules/linux/process_creation/lnx_bpftrace_unsafe_option_usage.yml b/rules/linux/process_creation/lnx_bpftrace_unsafe_option_usage.yml
index 0c1081b9d..d6723d8e0 100644
--- a/rules/linux/process_creation/lnx_bpftrace_unsafe_option_usage.yml
+++ b/rules/linux/process_creation/lnx_bpftrace_unsafe_option_usage.yml
@@ -3,6 +3,9 @@ id: f8341cb2-ee25-43fa-a975-d8a5a9714b39
 status: experimental
 description: Detects the usage of the unsafe bpftrace option
 author: Andreas Hunkeler (@Karneades)
+tags:
+ - attack.execution
+ - attack.t1059.004
 references:
 - https://embracethered.com/blog/posts/2021/offensive-bpf-bpftrace/
 - https://bpftrace.org/
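Review bot: The new `attack.t1059.004` (Unix Shell) tag is not explained anywhere in the visible metadata: the description on the context line above it says only that the rule detects the unsafe bpftrace option, so an analyst pivoting on the tag cannot tell why a hit counts as shell execution. Unsafe mode is what enables bpftrace's `system()` builtin, which is presumably the reason for the mapping; I would state that, e.g. `description: Detects the usage of the unsafe bpftrace option, which lets bpftrace scripts run shell commands via system()`. The `tags:` block also sits between `author` and `references`, whereas Sigma rules usually place it after the references/author/date metadata. The logsource and detection sections are outside this hunk, so whether the selection matches only the unsafe flag cannot be confirmed from here.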