security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
063bb57dfdabbefb7c84166b7a35dfdabd2b8c90
blue-team-tools/rules/linux/auditd/lnx_auditd_audio_capture.yml
T
frack113 4023bf2c83 Remove mitre url
2023-01-10 18:09:04 +01:00

27 lines
620 B
YAML
Raw Blame History

title: Audio Capture
id: a7af2487-9c2f-42e4-9bb9-ff961f0561d5
status: test
description: Detects attempts to record audio with arecord utility
references:
- https://linux.die.net/man/1/arecord
- https://linuxconfig.org/how-to-test-microphone-with-audio-linux-sound-architecture-alsa
author: 'Pawel Mazur'
date: 2021/09/04
modified: 2022/10/09
tags:
- attack.collection
- attack.t1123
logsource:
product: linux
service: auditd
detection:
selection:
type: EXECVE
a0: arecord
a1: '-vv'
a2: '-fdat'
condition: selection
falsepositives:
- Unknown
level: low
Reference in New Issue View Git Blame Copy Permalink