From d14d5429e804c4aa4847e7c000ca46cf81543016 Mon Sep 17 00:00:00 2001
From: Thomas Stromberg
Date: Mon, 23 Sep 2024 11:24:03 -0400
Subject: [PATCH] swap extra tag between udev and systemd
---
 detection/persistence/suspicious-systemd-unit.sql | 2 +-
 detection/persistence/suspicious-udev-runner-linux.sql | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/detection/persistence/suspicious-systemd-unit.sql b/detection/persistence/suspicious-systemd-unit.sql
index f968128..9742803 100644
--- a/detection/persistence/suspicious-systemd-unit.sql
+++ b/detection/persistence/suspicious-systemd-unit.sql
@@ -8,7 +8,7 @@
 -- false positives:
 -- * home-made systemd files
 --
--- tags: persistent filesystem systemd
+-- tags: persistent filesystem systemd extra
 -- platform: linux
 SELECT
 file.path,
diff --git a/detection/persistence/suspicious-udev-runner-linux.sql b/detection/persistence/suspicious-udev-runner-linux.sql
index 3504032..8b6c62f 100644
--- a/detection/persistence/suspicious-udev-runner-linux.sql
+++ b/detection/persistence/suspicious-udev-runner-linux.sql
@@ -4,7 +4,7 @@
 -- * https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp
 -- * https://ch4ik0.github.io/en/posts/leveraging-Linux-udev-for-persistence/
 --
--- tags: volume filesystem
+-- tags: volume filesystem extra
+-- tags: volume filesystem
 -- platform: linux
 SELECT
 file.path,
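Review bot: The `extra` tag added to the header of suspicious-systemd-unit.sql comes with no stated reason, and neither the file header nor the commit message says what the tag does to how the query is packaged or scheduled. If `extra` decides whether a query ships in the default set (an inference; nothing on this page shows it), this swap changes default coverage for systemd-unit persistence, so the rationale belongs next to the tag, for example `-- extra: noisy because of home-made systemd files (see false positives)` above the tags line, provided the header parser tolerates an extra comment line. The same applies in reverse to the second hunk in suspicious-udev-runner-linux.sql, where removing `extra` presumably widens where that query runs. Both SELECT statements continue outside the hunks, so the effect on the queries themselves cannot be checked from here.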