Sigma rules · CVE-1999-1090 · threatengine.sh

Home/CVE-1999-1090/Sigma rules

Sigma

Sigma rules for CVE-1999-1090

1 rules · scoped to cve · back to CVE-1999-1090

Direct rules mention this entity in their title or description. Related rules cover the techniques this entity is known to use.

◈

Detection rules

1 of 1

direct high

OpenCanary - Telnet Login Attempt

Detects instances where a Telnet service on an OpenCanary node has had a login attempt.

status test author Security Onion Solutions id 512cff7a-683a-43ad-afe0-dd398e872f36 license Sigma · DRL-1.1

view Sigma YAML

title: OpenCanary - Telnet Login Attempt
id: 512cff7a-683a-43ad-afe0-dd398e872f36
status: test
description: Detects instances where a Telnet service on an OpenCanary node has had a login attempt.
references:
    - https://opencanary.readthedocs.io/en/latest/starting/configuration.html#services-configuration
    - https://github.com/thinkst/opencanary/blob/a0896adfcaf0328cfd5829fe10d2878c7445138e/opencanary/logger.py#L52
author: Security Onion Solutions
date: 2024-03-08
tags:
    - attack.privilege-escalation
    - attack.persistence
    - attack.initial-access
    - attack.command-and-control
    - attack.stealth
    - attack.t1133
    - attack.t1078
logsource:
    category: application
    product: opencanary
detection:
    selection:
        logtype: 6001
    condition: selection
falsepositives:
    - Unlikely
level: high

Showing 1-1 of 1

Prev 1 Next