New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[New Rule] Process Backgrounded by Unusual Parent #3713

Open

Aegrah opened this issue May 27, 2024 · 0 comments · May be fixed by #4431

Assignees

Labels

backlog OS: Linux Rule: New Team: TRADE

Contributor

Aegrah commented May 27, 2024

Summary

event.category:process and host.os.type:linux and event.type:start and event.action:exec and process.name:(bash or dash or sh or tcsh or csh or zsh or ksh or fish) and process.args:"-c" and process.args:*&

process.parent.executable --> new_terms field

The text was updated successfully, but these errors were encountered:

Aegrah added OS: Linux Rule: New Area: RAD Team: TRADE labels

Aegrah self-assigned this

Mikaayenson removed the Area: RAD label

Mikaayenson added the backlog label

Aegrah linked a pull request

that will close this issue

[New Rule] Process Backgrounded by Unusual Parent #4431

Open

Aegrah linked a pull request

that will close this issue

[New Rule] Process Backgrounded by Unusual Parent #4431

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment