paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-10-23 08:12:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update 200200-osquery.xml

Browse Source
This commit is contained in:
taylor_socfortress
2025-02-11 15:13:57 -06:00
committed by GitHub
parent 69fd6c285b
commit 5c48f70eeb
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Osquery/200200-osquery.xml
View File

@@ -579,7 +579,7 @@
</rule>
<!-- https://github.com/SigmaHQ/sigma/blob/master/rules/linux/auditd/lnx_auditd_system_info_discovery.yml -->
<rule id="200284" level="12">
<rule id="200284" level="10">
<if_sid>200223</if_sid>
<field name="columns.cmdline">/etc/lsb-release|/etc/redhat-release|/etc/issue|/sys/class/dmi/id/bios_version|/sys/class/dmi/id/product_name|/sys/class/dmi/id/chassis_vendor|/proc/scsi/scsi|/proc/ide/hd0/model|/proc/version</field>
<description>Detects System Information Discovery commands.</description>