Add Definition to Auditd susp_activity #5142

Open
BalsamicSentry opened this issue Dec 25, 2024 · 1 comment

@BalsamicSentry

I'd like to suggest adding a definition field to an Auditd rule that requires specific rules to be applied.

I see that the reference and description of the rule mention that the Auditd rule is custom, but I think it would be more clear if definition was added.

This is my first issue, sorry if I do something wrong

Welcome @BalsamicSentry 👋

It looks like this is your first issue on the Sigma rules repository!

The following repository accepts issues related to false positives or 'rule ideas'.

If you're reporting an issue related to the pySigma library please consider submitting it here

If you're reporting an issue related to the deprecated sigmac library please consider submitting it here

Thanks for taking the time to open this issue, and welcome to the Sigma community! 😃
