
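---
# Sigma rule: flags in-place file edits performed with sed (`sed -i ...`).
# Scope note: in-place sed edits are routine in configuration management,
# package scripts and CI jobs, so hits are a pivot for investigation rather
# than a standalone alert (see falsepositives below).
title: Edit Linux Texts
# TODO(review): Sigma requires a UUIDv4 for `id`; this value contains
# non-hex characters ('g', 'h') and segments of the wrong length, so the
# rule will fail schema validation until a proper UUID is generated.
id: ea3fgcdf3-db86-9f48-hgb3-659a29d4db89
status: test
description: Detects suspicious commands for edit text using sed
author: TuanLe (GTSC)
date: 2022/03/14
references:
  - https://www.geeksforgeeks.org/sed-command-in-linux-unix-with-examples/
logsource:
  product: linux
  category: process_creation
detection:
  selection:
    # `endswith` rather than `contains`: matching '/sed' as a substring would
    # also fire on unrelated binaries whose path merely contains "/sed"
    # (e.g. a sedutil helper), while the sed binary itself always ends in
    # '/sed' (/bin/sed, /usr/bin/sed).
    Image|endswith:
      - '/sed'
    # Substring '-i' covers the short flag and its variants (-i, -i.bak, -ie)
    # and also the long form --in-place. Known gap: combined short options
    # where 'i' is not directly after the dash (e.g. -ni, -Ei) are not
    # matched by this substring alone.
    CommandLine|contains:
      - '-i'
  condition: selection
falsepositives:
  - Legitimate administration activities
level: medium
tags:
  # NOTE(review): editing files in place is not by itself privilege
  # escalation; confirm the intended tactic/technique mapping for this rule.
  - attack.privilege_escalation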