title: Suspicious Log Entries
description: Detects suspicious log entries in Linux log files
author: Florian Roth
logsource:
    product: linux
detection:
    keywords:
        # Generic suspicious log lines
        - 'entered promiscuous mode'        
    condition: keywords
falsepositives:
    - Unknown
level: high