| Rule ID | Name | Description | Category | Data source | Severity |
|---|---|---|---|---|---|
| hidden_module_detect | Hidden kernel module | Hidden kernel module detected | Backdoor persistence | Hooks | critical |
| bruteforce_single_source_detect | Bruteforce from single source | Bruteforce from a single source address | Brute force | Log Monitor | medium |
| bruteforce_multi_source_detect | Bruteforce from multiple sources | Bruteforce from multiple source addresses | Brute force | Log Monitor | medium |
| bruteforce_success_detect | Bruteforce success | Bruteforce login attempt ended with a successful password login | Brute force | Log Monitor | critical |
| binary_file_hijack_detect1 | Binary file hijack | Common binary file hijacking, file creation detection | Polymorphic trojan | execve | medium |
| binary_file_hijack_detect2 | Binary file hijack | Common binary file hijacking, file renaming detection | Polymorphic trojan | execve | critical |
| binary_file_hijack_detect3 | Binary file hijack | Common binary file hijacking, file linking detection | Polymorphic trojan | execve | critical |
| user_credential_escalation_detect | User credential escalation | Non-root user escalates to root privilege | Privilege escalation | Log Monitor | medium |
| privilege_escalation_suid_sgid_detect_1 | User credential escalation | Non-root user escalates privilege with suid/sgid | Privilege escalation | Log Monitor | medium |
| privilege_escalation_suid_sgid_detect_2 | User credential escalation | Non-root user escalates privilege with suid/sgid | Privilege escalation | execve | medium |
| reverse_shell_detect_basic | Reverse shell | Reverse shell with connection | Code execution | execve | critical |
| reverse_shell_detect_argv | Reverse shell | Reverse-shell-like argv during execution | Code execution | execve | high |
| reverse_shell_detect_exec | Reverse shell | Reverse shell with exec | Code execution | execve | high |
| reverse_shell_detect_pipe | Reverse shell | Reverse shell with pipe | Code execution | execve | high |
| reverse_shell_detect_perl | Reverse shell | Reverse shell with Perl | Code execution | execve | high |
| reverse_shell_detect_python | Reverse shell | Reverse shell with Python | Code execution | execve | high |
| bind_shell_awk_detect | Bind shell with awk | Suspicious bind shell with awk | Code execution | execve | high |
| pipe_shell_detect | Double-piped reverse shell | Double-piped reverse shell | Code execution | execve | high |
| suspicious_rce_from_consul_service_detect | Suspicious RCE-like behavior | Suspicious RCE-like behavior from the Consul service | Intrusion probing | execve | high |
| suspicious_rce_from_mysql_service_detect | Suspicious RCE-like behavior | Suspicious RCE-like behavior from the MySQL service | Intrusion probing | execve | high |
| dnslog_detect1 | Suspicious query to dnslog | Suspicious dnslog-like query on hosts | Intrusion probing | execve | high |
| dnslog_detect2 | Suspicious query to dnslog | Suspicious dnslog-like query on hosts | Intrusion probing | execve | high |
| container_escape_mount_drive_detect | Container escape with mounted drive | Unnecessary behavior inside a container: mounting a drive | Privilege escalation | execve | high |
| container_escape_usermode_helper_detect | Container escape with usermodehelper | Suspicious container escape with usermode helper | Privilege escalation | execve | high |
| signature_scan_maliciou_files_detect | Malicious files | Detected abnormal files with a malicious signature | Static scan | execve | high |