Process Execution Error In JVM Based Application

Detects process execution related exceptions in JVM based apps, often relates to RCE

Sigma rule (View on GitHub)

 1title: Process Execution Error In JVM Based Application
 2id: d65f37da-a26a-48f8-8159-3dde96680ad2
 3status: test
 4description: Detects process execution related exceptions in JVM based apps, often relates to RCE
 5references:
 6    - https://www.wix.engineering/post/threat-and-vulnerability-hunting-with-application-server-error-logs
 7author: Moti Harmats
 8date: 2023/02/11
 9tags:
10    - attack.initial_access
11    - attack.t1190
12logsource:
13    category: application
14    product: jvm
15    definition: 'Requirements: application error logs must be collected (with LOG_LEVEL=ERROR and above)'
16detection:
17    keywords:
18        - 'Cannot run program'
19        - 'java.lang.ProcessImpl'
20        - 'java.lang.ProcessBuilder'
21    condition: keywords
22falsepositives:
23    - Application bugs
24level: high

References

Related rules

to-top