blue-team-tools/rules/linux/process_creation/proc_creation_lnx_proxy_connection.yml

title: Connection Proxy
id: 72f4ab3f-787d-495d-a55d-68c2ff46cf4c
status: test
description: Detects setting proxy configuration
author: Ömer Günal
date: 2020-06-17
modified: 2022-10-05
tags:
    - attack.defense-evasion
    - attack.command-and-control
    - attack.t1090
logsource:
    product: linux
    category: process_creation
detection:
    selection:
        CommandLine|contains:
            - 'http_proxy='
            - 'https_proxy='
    condition: selection
falsepositives:
    - Legitimate administration activities
level: low