Description updation across multiple rules (#1893)
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
This commit is contained in:
shashank-elastic
@@ -1,13 +1,14 @@
|
||||
[metadata]
|
||||
creation_date = "2022/03/09"
|
||||
maturity = "production"
|
||||
updated_date = "2022/03/17"
|
||||
updated_date = "2022/03/28"
|
||||
|
||||
[rule]
|
||||
author = ["Elastic"]
|
||||
description = """
|
||||
Identifies Linux binary gcc abuse to break out from restricted environments by spawning an interactive system shell.This
|
||||
activity is not standard use with this binary for a user or system administrator and could potentially indicate
|
||||
Identifies Linux binary gcc abuse to break out from restricted environments by spawning an interactive system shell.The
|
||||
gcc utility is a complier system for various languages and mainly used to complie C and C++ programs and the activity of
|
||||
spawning shell is not a standard use of this binary for a user or system administrator.It indicates a potentially
|
||||
malicious actor attempting to improve the capabilities or stability of their access.
|
||||
"""
|
||||
from = "now-9m"
|
||||
|
||||
Reference in New Issue
Block a user