security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update and rename BPFDoor_abnormal_process_id_or_lock_file_accessed.yml to lnx_auditd_BPFDoor_file_accessed.yml

Browse Source
This commit is contained in:
Zandmann
2022-08-11 18:59:58 +02:00
committed by GitHub
parent a1b9065a19
commit f001d35c8b
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/linux/auditd/BPFDoor_abnormal_process_id_or_lock_file_accessed.yml → rules/linux/auditd/lnx_auditd_BPFDoor_file_accessed.yml
+2 -3
View File
@@ -20,9 +20,8 @@ detection:
condition: selection
tags:
- attack.execution
- attack.T1106
- attack.T1070
- attack.T1059
- attack.t1106
- attack.t1059
falsepositives:
- Less Likely
level: high