OpenCanary - REDIS Action Command Attempt
Detects instances where a REDIS service on an OpenCanary node has had an action command attempted.
Sigma rule (View on GitHub)
1title: OpenCanary - REDIS Action Command Attempt
2id: 547dfc53-ebf6-4afe-8d2e-793d9574975d
3status: experimental
4description: Detects instances where a REDIS service on an OpenCanary node has had an action command attempted.
5references:
6 - https://opencanary.readthedocs.io/en/latest/starting/configuration.html#services-configuration
7 - https://github.com/thinkst/opencanary/blob/a0896adfcaf0328cfd5829fe10d2878c7445138e/opencanary/logger.py#L52
8author: Security Onion Solutions
9date: 2024-03-08
10tags:
11 - attack.credential-access
12 - attack.collection
13 - attack.t1003
14 - attack.t1213
15logsource:
16 category: application
17 product: opencanary
18detection:
19 selection:
20 logtype: 17001
21 condition: selection
22falsepositives:
23 - Unlikely
24level: high
References
-
Configuration Since we have many services, and each service has a few options, we have listed them all for you. Services Configuration We have gone ahead and listed all the services by their config...
Read More -
Modular and decentralised honeypot. Contribute to thinkst/opencanary development by creating an account on GitHub.
Read More
Related rules
- OpenCanary - MSSQL Login Attempt Via SQLAuth
- OpenCanary - MSSQL Login Attempt Via Windows Authentication
- OpenCanary - MySQL Login Attempt
- Access To Crypto Currency Wallets By Uncommon Applications
- Automated Collection Command Prompt