sigma-navigator-layer-linux.json
{
"domain": "mitre-enterprise",
"name": "Sigma rules coverage (GNU/Linux)",
"gradient": {
"colors": [
"#a0eab5",
"#0f480f"
],
"maxValue": 18,
"minValue": 0
},
"version": "4.3",
"techniques": [
{
"techniqueID": "T1059.004",
"score": 200,
"comment": "lnx_apt_equationgroup_lnx.yml\r\nlnx_shell_priv_esc_prep.yml\r\nlnx_shell_susp_commands.yml\r\nlnx_shell_susp_rev_shells.yml\r\nlnx_susp_jexboss.yml\r\nlnx_auditd_susp_cmds.yml"
},
{
"techniqueID": "T1222.002",
"score": 200,
"comment": "lnx_chattr_immutable_removal.yml\r\nlnx_file_or_folder_permissions.yml"
},
{
"techniqueID": "T1485",
"score": 200,
"comment": "lnx_dd_delete_file.yml"
},
{
"techniqueID": "T1105",
"score": 200,
"comment": "lnx_file_copy.yml"
},
{
"techniqueID": "T1543.002",
"score": 200,
"comment": "lnx_pers_systemd_reload.yml"
},
{
"techniqueID": "T1070.003",
"score": 200,
"comment": "lnx_shell_clear_cmd_history.yml"
},
{
"techniqueID": "T1068",
"score": 200,
"comment": "lnx_sudo_cve_2019_14287.yml"
},
{
"techniqueID": "T1169",
"score": 200,
"comment": "lnx_sudo_cve_2019_14287.yml"
},
{
"techniqueID": "T1190",
"score": 200,
"comment": "lnx_susp_named.yml\r\nlnx_susp_ssh.yml\r\nlnx_susp_vsftp.yml"
},
{
"techniqueID": "T1546.004",
"score": 200,
"comment": "lnx_auditd_alter_bash_profile.yml"
},
{
"techniqueID": "T1562.006",
"score": 200,
"comment": "lnx_auditd_auditing_config_change.yml\r\nlnx_auditd_logging_config_change.yml"
},
{
"techniqueID": "T1136.001",
"score": 200,
"comment": "lnx_auditd_create_account.yml"
},
{
"techniqueID": "T1574.006",
"score": 200,
"comment": "lnx_auditd_ld_so_preload_mod.yml"
},
{
"techniqueID": "T1036.003",
"score": 200,
"comment": "lnx_auditd_masquerading_crond.yml"
},
{
"techniqueID": "T1033",
"score": 200,
"comment": "lnx_auditd_user_discovery.yml"
},
{
"techniqueID": "T1505.003",
"score": 200,
"comment": "lnx_auditd_web_rce.yml"
},
{
"techniqueID": "T1560.001",
"score": 200,
"comment": "lnx_data_compressed.yml"
},
{
"techniqueID": "T1040",
"score": 200,
"comment": "lnx_network_sniffing.yml"
}
]
}