
Add Definition to Auditd susp_activity

BalsamicSentry opened this issue 1 year ago • 1 comment

I'd like to suggest adding a definition field to an Auditd rule that requires specific rules to be applied.

I see that the reference and description of the rule mention that the Auditd rule is custom, but I think it would be clearer if a definition were added.

This is my first issue; sorry if I do something wrong.

BalsamicSentry avatar Dec 25 '24 05:12 BalsamicSentry
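As an added illustration of the suggestion in the post above (not part of the original issue, and not a rule from the Sigma repository), here is a minimal Sigma rule showing where the `logsource.definition` field sits and what it would state. The title, the watched path, the audit key and the detection are constructed placeholders; the only point is that the auditd configuration the rule depends on is recorded in the rule itself rather than only hinted at in the description.

```yaml
title: Example Auditd File Watch (constructed placeholder)
status: experimental
description: |
  Constructed example only: flags writes to a watched configuration file as
  recorded by auditd. It exists to show the logsource.definition field, not as
  a real detection.
logsource:
  product: linux
  service: auditd
  # The field the issue asks for: the auditd configuration this rule depends on.
  # Without a matching -w/-a line in audit.rules the log source produces no
  # events for this path and the rule silently never fires.
  definition: >-
    Requires the custom auditd rule
    "-w /etc/example.conf -p wa -k example_conf_change"
    (placeholder path and key) to be loaded.
detection:
  selection:
    type: 'PATH'
    name: '/etc/example.conf'
  condition: selection
falsepositives:
  - Legitimate administrative changes to the file
level: medium
```

Stating the prerequisite this way lets whoever deploys the rule check the audit configuration first (for example that the `-w` line and its `-k` key are actually loaded) instead of discovering the gap when the rule never matches.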

Welcome @BalsamicSentry :wave:

It looks like this is your first issue on the Sigma rules repository!

The following repository accepts issues related to false positives or 'rule ideas'.

If you're reporting an issue related to the pySigma library please consider submitting it here

If you're reporting an issue related to the deprecated sigmac library please consider submitting it here

Thanks for taking the time to open this issue, and welcome to the Sigma community! :smiley:

github-actions[bot] avatar Dec 25 '24 05:12 github-actions[bot]

Closing as definition has been updated and merged.

swachchhanda000 avatar Oct 18 '25 01:10 swachchhanda000