t1059.004
| Title | Tags |
| --- | --- |
| admin activity | t1033, t1059, t1059.004, t1070, t1070.001, t1136, t1136.001, t1485, t1505, t1505.003, t1546, t1546.001, t1562, t1562.002, t1562.004, windows, linux, sigma |
| administrators or installed processes that leverage nohup | t1059, t1059.004, linux, sigma |
| false positives may be present based on legitimate software being utilized. filter as needed. | t1027, t1059.004, endpoint, splunk |
| legitimate software that uses these patterns | t1036, t1059, t1059.004, t1140, linux, sigma |
| legitimate usage of the unsafe option | t1059, t1059.004, linux, sigma |
| unless an administrator is using these commands to troubleshoot or audit a system, the execution of these commands should be monitored. | t1059.004, endpoint, splunk |
| valid changes to the startup script | t1059, t1059.001, t1059.003, t1059.004, aws, sigma |