Potential Suspicious Change To Sensitive/Critical Files

Rule Info

Name
Potential Suspicious Change To Sensitive/Critical Files
Author
@d4ns4n_ (Wuerth-Phoenix)
Description
Detects changes of sensitive and critical files. Monitors files that you don't expect to change without planning on Linux system.
Reference
https://docs.microsoft.com/en-us/azure/defender-for-cloud/file-integrity-monitoring-overview#which-files-should-i-monitor
Date
2023-05-30 00:00:00
Modified
None
Id
86157017-c2b1-4d4a-8c33-93b8e67e4af4
Tags
attack.impact attack.t1565.001 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=86157017-c2b1-4d4a-8c33-93b8e67e4af4

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #4791 from @nasbench - Promote older rules status from `experimental` to `test`
2024-04-01
a8e1ecd65
dan21san
feat: add new rule related to linux sensitive file tampering (#4263)
2023-05-30
331a65103
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022