sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Samirbous	80f3ed464c	[New/Tuning] Chroot Execution in Container Context on Linux (#5992 ) * [New/Tuning] Chroot Execution in Container Context on Linux New rule compatible with auditd and ED using process.title and process.entry_leader.entry_meta.type and tuned an existing one (bum-up severity to high). * Update rules/linux/privilege_escalation_chroot_execution_container_context.toml Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com> --------- Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>	2026-05-02 13:45:21 +01:00

Author

SHA1

Message

Date

Samirbous

80f3ed464c

[New/Tuning] Chroot Execution in Container Context on Linux (#5992 )

* [New/Tuning] Chroot Execution in Container Context on Linux

New rule compatible with auditd and ED using process.title and process.entry_leader.entry_meta.type and tuned an existing one (bum-up severity to high).

* Update rules/linux/privilege_escalation_chroot_execution_container_context.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

---------

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

2026-05-02 13:45:21 +01:00

1 Commits