Techniques
Sample rules
Hping Process Activity
- source: elastic
- techniques:
- T1082
Description
Hping ran on a Linux host. Hping is a FOSS command-line packet analyzer that can construct network packets for a wide variety of network security testing applications, including scanning and firewall auditing.
Detection logic
process where host.os.type == "linux" and event.type == "start" and event.action in ("exec", "exec_event", "executed", "process_started")
and process.name in ("hping", "hping2", "hping3")
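The conditions of the query above, restated in Python and run over constructed process events so the rule's match and non-match cases can be checked offline. This is an added example, not Elastic's code; the helper names, the sample events and the alert fields returned are assumptions.

```python
# Added example: the four EQL conditions evaluated over ECS-style events.
# All events below are constructed for illustration, not real telemetry.
EXEC_ACTIONS = {"exec", "exec_event", "executed", "process_started"}
HPING_NAMES = {"hping", "hping2", "hping3"}

def field(event, dotted):
    """Read a dotted ECS field from a nested dict; None if any part is absent."""
    cur = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def matches_hping_rule(event):
    """True only when every condition of the rule holds (exact string match)."""
    return (
        field(event, "host.os.type") == "linux"
        and field(event, "event.type") == "start"
        and field(event, "event.action") in EXEC_ACTIONS
        and field(event, "process.name") in HPING_NAMES
    )

def run_rule(events):
    """Return one alert summary per matching event."""
    return [
        {"host": field(e, "host.name"), "pid": field(e, "process.pid"),
         "command_line": field(e, "process.command_line")}
        for e in events if matches_hping_rule(e)
    ]

def make_event(os_type, ev_type, action, name, pid, cmd, host="web-01"):
    """Build a constructed ECS-style process event."""
    ev = {"host": {"name": host},
          "event": {"type": ev_type, "action": action},
          "process": {"name": name, "pid": pid, "command_line": cmd}}
    if os_type is not None:  # None models an event missing host.os.type
        ev["host"]["os"] = {"type": os_type}
    return ev

SAMPLE_EVENTS = [
    make_event("linux", "start", "exec", "hping3", 4101, "hping3 -S -p 80 192.0.2.10"),
    make_event("linux", "start", "executed", "hping", 4102, "hping 192.0.2.10"),
    make_event("linux", "end", "end", "hping3", 4101, "hping3 -S -p 80 192.0.2.10"),
    make_event("linux", "start", "exec", "curl", 4103, "curl http://192.0.2.10/"),
    make_event("windows", "start", "exec", "hping3", 880, "hping3 192.0.2.10"),
    make_event(None, "start", "exec", "hping3", 4104, "hping3 192.0.2.10"),
]

if __name__ == "__main__":
    for alert in run_rule(SAMPLE_EVENTS):
        print(alert)
```

Only the first two sample events produce alerts: the process-end event, the non-hping process, the Windows host and the event lacking `host.os.type` each fail one condition.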