Rule Info
Name
Execution Of Script Located In Potentially Suspicious Directory
Author
Joseliyo Sanchez, @Joseliyo_Jstnk
Description
Detects executions of scripts located in potentially suspicious locations such as "/tmp" via a shell such as "bash", "sh", etc.
Date
2023-06-02 00:00:00
Modified
None
Id
30bcce26-51c5-49f2-99c8-7b59e3af36c7
Tags
attack.execution DEMO
Type
Community Rule
Link to Public Repo