Match hash fields
A list of the fields that go into the match hash value in each Sandfly engine's results. The moderate match hash always includes every field of the permissive match hash.
sandfly_agent
- Permissive:
  - None
- Moderate:
  - None
sandfly_engine_at_jobs
- Permissive:
  - atjob.command
- Moderate:
  - atjob.username
sandfly_engine_btmp
- Permissive:
  - log.btmp.username
- Moderate:
  - log.btmp.hostname
  - log.btmp.ip_address
sandfly_engine_cloaked_direntry
- Permissive:
  - file.name
  - file.path
  - file.magic_num.class
- Moderate:
  - file.uid
  - file.gid
  - file.mode
  - file.size
  - file.size_byte_count
  - file.hash.sha512
  - file.flags.containerized
sandfly_engine_cron
- Permissive:
  - cron.command
- Moderate:
  - cron.path
  - cron.username
sandfly_engine_dir
- Permissive:
  - directory.name
  - directory.path
- Moderate:
  - directory.uid
  - directory.gid
  - directory.mode
  - directory.date.created
  - directory.date.modified
  - directory.flags.containerized
sandfly_engine_error
- Permissive:
  - None
- Moderate:
  - None
sandfly_engine_file
- Permissive:
  - file.name
  - file.path
  - file.magic_num.class
- Moderate:
  - file.uid
  - file.gid
  - file.mode
  - file.size
  - file.size_byte_count
  - file.hash.sha512
  - file.flags.containerized
sandfly_engine_kmodules
- Permissive:
  - kernel_module.name
  - kernel_module.hidden
  - kernel_module.missing_file
  - kernel_modules.taints
- Moderate:
  - kernel_module.module_file_path
  - kernel_module.file.uid
  - kernel_module.file.mode
  - kernel_module.file.hash.sha512
sandfly_engine_lastlog
- Permissive:
  - log.lastlog.username
- Moderate:
  - log.lastlog.uid
  - log.lastlog.hostname
sandfly_engine_log_tampering_lastlog_history_missing_record
- Permissive:
  - user.username
- Moderate:
  - user.groupname
  - user.uid
  - user.gid
  - user.home_dir
  - user.gecos
  - user.group_membership
sandfly_engine_log_tampering_lastlog_wtmp_missing_record
- Permissive:
  - log.lastlog.username
- Moderate:
  - log.lastlog.uid
  - log.lastlog.hostname
sandfly_engine_os_identify
- Permissive:
  - None
- Moderate:
  - None
sandfly_engine_process
- Permissive:
  - process.name
  - process.path
- Moderate:
  - process.hash.sha512
  - process.uid
  - process.gid
sandfly_engine_process_masquerade_binary_mismatched
- Permissive:
  - process.name
  - process.path
- Moderate:
  - process.hash.sha512
sandfly_engine_process_masquerade_binary_renamed
- Permissive:
  - process.name
  - process.path
- Moderate:
  - process.hash.sha512
sandfly_engine_process_masquerade_mixed_case
- Permissive:
  - process.name
  - process.path
- Moderate:
  - process.hash.sha512
sandfly_engine_systemd
- Permissive:
  - systemd.context.scope
  - systemd.context.uid
  - systemd.type
  - systemd.load_state
  - systemd.active_state
  - systemd.service_info.exec_summary
  - systemd.socket_info.unit
- Moderate:
  - systemd.service_info.exec_start.file.uid
  - systemd.service_info.exec_start.file.mode
  - systemd.service_info.exec_start.file.hash.sha512
  - systemd.service_info.exec_start_pre.file.uid
  - systemd.service_info.exec_start_pre.file.mode
  - systemd.service_info.exec_start_pre.file.hash.sha512
  - systemd.service_info.exec_start_post.file.uid
  - systemd.service_info.exec_start_post.file.mode
  - systemd.service_info.exec_start_post.file.hash.sha512
  - systemd.service_info.exec_reload.file.uid
  - systemd.service_info.exec_reload.file.mode
  - systemd.service_info.exec_reload.file.hash.sha512
  - systemd.service_info.exec_stop.file.uid
  - systemd.service_info.exec_stop.file.mode
  - systemd.service_info.exec_stop.file.hash.sha512
  - systemd.service_info.exec_stop_post.file.uid
  - systemd.service_info.exec_stop_post.file.mode
  - systemd.service_info.exec_stop_post.file.hash.sha512
sandfly_engine_systemd_session
- Permissive:
  - systemd_user.username
  - systemd_user.linger
- Moderate:
  - systemd_user.uid
  - systemd_user.gid
  - systemd_user.runtime_path
sandfly_engine_user
- Permissive:
  - user.username
- Moderate:
  - user.groupname
  - user.uid
  - user.gid
  - user.home_dir
  - user.gecos
  - user.group_membership
sandfly_engine_user_password_auditor
- Permissive:
  - user.username
- Moderate:
  - user.groupname
  - user.uid
  - user.gid
  - user.home_dir
  - user.gecos
  - user.group_membership
sandfly_engine_user_password_hash_duplicates
- Permissive:
  - user.username
- Moderate:
  - user.groupname
  - user.uid
  - user.gid
  - user.home_dir
  - user.gecos
  - user.group_membership
sandfly_engine_utmp
- Permissive:
  - log.utmp.username
- Moderate:
  - log.utmp.hostname
  - log.utmp.ip_address
sandfly_engine_wtmp
- Permissive:
  - log.wtmp.username
- Moderate:
  - log.wtmp.hostname
  - log.wtmp.ip_address