security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

fix: broken selections

Browse Source
This commit is contained in:
Nasreddine Bencherchali
2023-01-06 17:28:29 +01:00
parent e56d3763b5
commit ea4b844c8e
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/linux/builtin/lnx_susp_dev_tcp.yml
+1 -1
View File
@@ -25,7 +25,7 @@ detection:
- '(sh)0>/dev/tcp/'
- 'bash -c ''bash -i >& /dev/tcp/'
- 'echo -e ''#!/bin/bash\nbash -i >& /dev/tcp/'
condition: 1 of keywords
condition: keywords
falsepositives:
- Unknown
level: medium
rules/windows/builtin/msexchange/win_exchange_proxylogon_oabvirtualdir.yml
+3 -2
View File
@@ -14,14 +14,15 @@ logsource:
product: windows
service: msexchange-management
detection:
keywords:
keywords_cmdlet:
- 'OabVirtualDirectory'
- ' -ExternalUrl '
keywords_params:
- 'eval(request'
- 'http://f/<script'
- '"unsafe"};'
- 'function Page_Load()'
condition: all of keywords
condition: all of keywords_cmdlet and keywords_params
falsepositives:
- Unlikely
level: critical