mirror of
https://github.com/socfortress/Wazuh-Rules.git
synced 2025-10-23 00:02:11 +00:00
Add Beelzebub rule for SSH terminal interaction
This commit is contained in:
taylor_socfortress
committed by
GitHub
GitHub
parent
8763616267
commit
665c7ab5ee
7
Beelzebub/100660-beelzebub.xml
Normal file
7
Beelzebub/100660-beelzebub.xml
Normal file
@@ -0,0 +1,7 @@
|
||||
<group name="beelzebub,">
|
||||
<rule id="100660" level="12">
|
||||
<field name="event.Msg" type="pcre2">^SSH Terminal Session Interaction$</field>
|
||||
<description>Honeypot SSH Terminal Session Interaction.</description>
|
||||
<group>honeypot,ssh,</group>
|
||||
</rule>
|
||||
</group>
|
||||
Reference in New Issue
Block a user