Josh Brower
eac04262c2
new: OpenCanary - FTP Login Attempt new: OpenCanary - GIT Clone Request new: OpenCanary - HTTP GET Request new: OpenCanary - HTTP POST Login Attempt new: OpenCanary - HTTPPROXY Login Attempt new: OpenCanary - MSSQL Login Attempt Via SQLAuth new: OpenCanary - MSSQL Login Attempt Via Windows Authentication new: OpenCanary - MySQL Login Attempt new: OpenCanary - NTP Monlist Request new: OpenCanary - REDIS Action Command Attempt new: OpenCanary - SIP Request new: OpenCanary - SMB File Open Request new: OpenCanary - SNMP OID Request new: OpenCanary - SSH Login Attempt new: OpenCanary - SSH New Connection Attempt new: OpenCanary - Telnet Login Attempt new: OpenCanary - TFTP Request new: OpenCanary - VNC Connection Attempt --------- Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
23 lines
705 B
YAML
23 lines
705 B
YAML
title: OpenCanary - GIT Clone Request
|
|
id: 4fe17521-aef3-4e6a-9d6b-4a7c8de155a8
|
|
status: experimental
|
|
description: Detects instances where a GIT service on an OpenCanary node has had Git Clone request.
|
|
references:
|
|
- https://opencanary.readthedocs.io/en/latest/starting/configuration.html#services-configuration
|
|
- https://github.com/thinkst/opencanary/blob/a0896adfcaf0328cfd5829fe10d2878c7445138e/opencanary/logger.py#L52
|
|
author: Security Onion Solutions
|
|
date: 2024/03/08
|
|
tags:
|
|
- attack.collection
|
|
- attack.t1213
|
|
logsource:
|
|
category: application
|
|
product: opencanary
|
|
detection:
|
|
selection:
|
|
logtype: 16001
|
|
condition: selection
|
|
falsepositives:
|
|
- Unlikely
|
|
level: high
|