security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
e91fc4486e57fc40e30d12253694de4c80a9e4ea
blue-team-tools/rules/linux/builtin/lnx_shell_susp_log_entries.yml
T
frack113 01dc930c17 Change status for old rules
2021-11-27 11:33:14 +01:00

22 lines
479 B
YAML
Raw Blame History

title: Suspicious Log Entries
id: f64b6e9a-5d9d-48a5-8289-e1dd2b3876e1
status: test
description: Detects suspicious log entries in Linux log files
author: Florian Roth
date: 2017/03/25
modified: 2021/11/27
logsource:
product: linux
detection:
keywords:
- entered promiscuous mode
- Deactivating service
- Oversized packet received from
- imuxsock begins to drop messages
condition: keywords
falsepositives:
- Unknown
level: medium
tags:
- attack.impact
Reference in New Issue View Git Blame Copy Permalink