Linux Package Uninstall
- source: sigma
- techniques:
  - t1070
Description
Detects Linux package removal using the built-in package tools apt, apt-get, dpkg, rpm and yum, based on the process image and the command line of the process creation event.
Detection logic
selection_apt:
  Image|endswith:
    - '/apt'
    - '/apt-get'
  CommandLine|contains:
    - 'remove'
    - 'purge'
selection_dpkg:
  Image|endswith: '/dpkg'
  CommandLine|contains:
    - '--remove '
    - ' -r '
selection_rpm:
  Image|endswith: '/rpm'
  CommandLine|contains: ' -e '
selection_yum:
  Image|endswith: '/yum'
  CommandLine|contains:
    - 'erase'
    - 'remove'
condition: 1 of selection_*
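To see how the selections above combine, here is the rule's detection section transcribed as Python data and evaluated against a handful of constructed process-creation events. This is an added example written for this page, not Sigma's own code or any Sigma backend; it implements only the two modifiers the rule uses (`endswith`, `contains`, both case-insensitive as in Sigma) and the `1 of selection_*` condition. The sample events and the field names `Image` and `CommandLine` are constructed to mirror the rule, not real captures.

```python
"""Evaluate the 'Linux Package Uninstall' Sigma detection against process events.

Added example for this page (not part of Sigma or a Sigma backend). It implements
just enough of Sigma's semantics for this rule: a selection is an AND over its
fields, a list of values under one field is an OR, and '1 of selection_*' fires
when at least one selection whose name matches the glob fires.
"""
import fnmatch

# The rule's detection section, transcribed as Python data.
SELECTIONS = {
    "selection_apt": {
        "Image|endswith": ["/apt", "/apt-get"],
        "CommandLine|contains": ["remove", "purge"],
    },
    "selection_dpkg": {
        "Image|endswith": ["/dpkg"],
        "CommandLine|contains": ["--remove ", " -r "],
    },
    "selection_rpm": {
        "Image|endswith": ["/rpm"],
        "CommandLine|contains": [" -e "],
    },
    "selection_yum": {
        "Image|endswith": ["/yum"],
        "CommandLine|contains": ["erase", "remove"],
    },
}
CONDITION = "1 of selection_*"


def _value_matches(modifier, value, needle):
    # Sigma string matching is case-insensitive unless a modifier says otherwise.
    value, needle = value.lower(), needle.lower()
    if modifier == "endswith":
        return value.endswith(needle)
    if modifier == "contains":
        return needle in value
    raise ValueError(f"unsupported modifier: {modifier}")


def selection_matches(selection, event):
    """True when every field of the selection matches the event (AND of ORs)."""
    for spec, needles in selection.items():
        field, modifier = spec.split("|", 1)
        value = event.get(field)
        if value is None:
            return False
        if not any(_value_matches(modifier, value, n) for n in needles):
            return False
    return True


def evaluate(event):
    """Return the names of the selections that fire for one event (empty = no alert)."""
    _, _, pattern = CONDITION.partition(" of ")
    names = fnmatch.filter(SELECTIONS, pattern)
    return [n for n in names if selection_matches(SELECTIONS[n], event)]


# Constructed sample events (hypothetical, not real logs) in the shape of a
# process-creation record with Image and CommandLine fields.
SAMPLE_EVENTS = [
    {"Image": "/usr/bin/apt-get", "CommandLine": "apt-get remove nginx"},
    {"Image": "/usr/bin/dpkg", "CommandLine": "dpkg --remove openssh-server"},
    {"Image": "/usr/bin/rpm", "CommandLine": "rpm -e auditd"},
    {"Image": "/usr/bin/yum", "CommandLine": "yum -y erase rsyslog"},
    # Benign: an install, not a removal.
    {"Image": "/usr/bin/yum", "CommandLine": "yum -y install htop"},
    # Benign but still fires: 'autoremove' contains the substring 'remove'.
    {"Image": "/usr/bin/apt", "CommandLine": "apt autoremove"},
    # Coverage gap: rpm's long form --erase does not contain ' -e '.
    {"Image": "/usr/bin/rpm", "CommandLine": "rpm --erase auditd"},
]


def run_samples():
    """Map each sample command line to the selections it triggers."""
    return {e["CommandLine"]: evaluate(e) for e in SAMPLE_EVENTS}


if __name__ == "__main__":
    for cmd, hits in run_samples().items():
        print(f"{'ALERT' if hits else 'ok   '}  {cmd!r} -> {hits}")
```

Two things the run makes visible: `contains` is a plain substring test, so routine `apt autoremove` trips `selection_apt`, while removals spelled with long options the rule does not list (`rpm --erase`, and likewise `dpkg --purge`/`-P`) produce no hit. Tune or extend the value lists accordingly before deploying, and expect the rule's stated false positives from legitimate administration.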