Update lnx_clear_logs.yml
@@ -8,6 +8,7 @@ references:
|
||||
- https://attack.mitre.org/techniques/T1070/002/
|
||||
logsource:
|
||||
product: linux
|
||||
category: process_creation
|
||||
detection:
|
||||
keywords:
|
||||
- Commands|contains:
|
||||
@@ -15,6 +16,8 @@ detection:
|
||||
- 'shred -u /var/log*'
|
||||
- 'echo * > /var/log*'
|
||||
- 'rmdir * /var/log*'
|
||||
- 'rm * /private/var/audit/*'
|
||||
- 'rm * /private/var/log/system.log*'
|
||||
condition: keywords
|
||||
falsepositives:
|
||||
- Legitimate administration activities
|
||||
|
||||
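Review bot: The `'rm * /private/var/audit/*'` and `'rm * /private/var/log/system.log*'` keywords in the second hunk are macOS paths, yet the rule's logsource in the first hunk is still `product: linux`, so these entries cannot fire on Linux process_creation events and macOS events will not be routed to this rule at all. This assumes, from the `+16,8` count, that those two lines are the additions. Since the added reference T1070/002 covers both Linux and macOS, either move the macOS patterns into a separate rule with `product: macos`, or add a comment next to the reference such as `# T1070.002 spans Linux and macOS; macOS log paths live in a separate rule (PLACEHOLDER-RULE-ID)` so the coverage gap is deliberate rather than silent. The wildcard-heavy values such as `'echo * > /var/log*'` also depend on `Commands` being a raw command-line field in the target backend; if that field is not mapped, the whole `keywords` block produces no matches without any error, which is worth confirming against the field mapping.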