paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-11-03 05:13:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update 200200-osquery.xml

Browse Source
This commit is contained in:
taylor_socfortress
2023-03-14 10:23:19 -05:00
committed by GitHub
parent 0664bbf9ee
commit f94a96852f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Osquery/200200-osquery.xml
View File

@@ -615,7 +615,7 @@
</rule>
<!-- https://github.com/SigmaHQ/sigma/blob/master/rules/linux/auditd/lnx_auditd_user_discovery.yml -->
<rule id="200287" level="12">
<rule id="200287" level="10">
<if_sid>200223</if_sid>
<field name="columns.cmdline">^users$|^w$|^who$</field>
<description>Adversaries may use the information from System Owner/User Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.</description>