 Ruben Groenewoud
|
f8f3576971
|
[New Rule] Potential UDP Reverse Shell (#2906)
* [New Rule] Potential UDP Reverse Shell Detected
* Title change
* Update execution_shell_via_udp_cli_utility_linux.toml
* Update execution_shell_via_udp_cli_utility_linux.toml
* Update rules/linux/execution_shell_via_udp_cli_utility_linux.toml
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* updated non-ecs-schema to update unmapped fields
* Update rules/linux/execution_shell_via_udp_cli_utility_linux.toml
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Removed netcat, added destination ip list
* Update execution_shell_via_udp_cli_utility_linux.toml
* Added precautionary exclusions
* Update rules/linux/execution_shell_via_udp_cli_utility_linux.toml
* replaced schema files
* Update execution_shell_via_udp_cli_utility_linux.toml
* Update execution_shell_via_udp_cli_utility_linux.toml
* Update execution_shell_via_udp_cli_utility_linux.toml
---------
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
|
2023-09-07 17:13:22 +02:00 |
|