
Linux detections
Detects a potentially malicious Nc execution.

Source table → box.unix

Detects file creation in init system directories. File creation in these directories can be used for script execution on machine boot.

Source table → box.unix

Detects the dd command being used to overwrite a file. dd is a powerful tool that can be abused for data destruction and could render the overwritten data irrecoverable.

Source table → box.unix

Detects a potentially malicious Scp execution. This could indicate that an attacker is trying to exfiltrate a file from, or download a file to, the target machine.

Source table → box.unix

Detects suspicious file creation in the systemd directory.

Source table → box.unix