security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Rule Tuning] D-Bus Service Created (#5076)

Browse Source
This commit is contained in:
Ruben Groenewoud
2025-09-09 15:33:58 +02:00
committed by GitHub
parent 375082729a
commit 0f0f16bdee
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/linux/persistence_dbus_service_creation.toml
+1 -2
View File
@@ -2,7 +2,7 @@
creation_date = "2025/01/16"
integration = ["endpoint", "sentinel_one_cloud_funnel"]
maturity = "production"
updated_date = "2025/03/20"
updated_date = "2025/09/09"
[rule]
author = ["Elastic"]
@@ -117,7 +117,6 @@ file.extension in ("service", "conf") and file.path like~ (
"/usr/sbin/sshd", "/usr/bin/gitlab-runner", "/opt/gitlab/embedded/bin/ruby", "/usr/sbin/gdm", "/usr/bin/install",
"/usr/local/manageengine/uems_agent/bin/dcregister"
) or
file.Ext.original.extension == "dpkg-new" or
process.executable : (
"/nix/store/*", "/var/lib/dpkg/*", "/tmp/vmis.*", "/snap/*", "/dev/fd/*", "/usr/lib/virtualbox/*"
) or