Connection Proxy
Detects setting proxy configuration
Sigma rule
title: Connection Proxy
id: 72f4ab3f-787d-495d-a55d-68c2ff46cf4c
status: test
description: Detects setting proxy configuration
references:
    - https://attack.mitre.org/techniques/T1090/
author: Ömer Günal
date: 2020/06/17
modified: 2022/10/05
tags:
    - attack.defense_evasion
    - attack.t1090
logsource:
    product: linux
    category: process_creation
detection:
    selection:
        CommandLine|contains:
            - 'http_proxy='
            - 'https_proxy='
    condition: selection
falsepositives:
    - Legitimate administration activities
level: low
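The following is an added example, not part of the Sigma project or of this rule: a small Python evaluator for the rule's `selection`, run over constructed process_creation events, including one that represents the "Legitimate administration activities" false positive. It assumes Sigma's default matching semantics (case-insensitive strings, list values OR-ed); the names `SELECTION`, `matches`, `hits` and `EVENTS` are hypothetical.

```python
# Added example: evaluates the rule's `selection` over constructed events.
# Assumptions: Sigma string matching is case-insensitive by default, and the
# values listed under one field are OR-ed together.
SELECTION = {"CommandLine|contains": ["http_proxy=", "https_proxy="]}


def matches(event, selection=SELECTION):
    """Return True if the event satisfies every field of the selection."""
    for key, needles in selection.items():
        field, _, modifier = key.partition("|")
        if modifier != "contains":
            raise ValueError(f"unsupported modifier: {modifier!r}")
        # A missing field is treated as an empty string, so it never matches.
        value = str(event.get(field, "")).lower()
        if not any(needle.lower() in value for needle in needles):
            return False
    return True


# Constructed process_creation events (not real telemetry).
EVENTS = [
    # Routine administration: the false positive the rule itself lists.
    {"Image": "/usr/bin/env",
     "CommandLine": "env http_proxy=http://proxy.example:3128 apt-get update"},
    # Upper-case variable name: still matches, because matching ignores case.
    {"Image": "/bin/bash",
     "CommandLine": "bash -c 'export HTTPS_PROXY=http://proxy.example:3128; ./sync.sh'"},
    {"Image": "/usr/bin/curl",
     "CommandLine": "curl -sS https://example.org/status"},
    {"Image": "/usr/bin/cat", "CommandLine": "cat /etc/environment"},
    {"Image": "/usr/bin/ls"},  # event without a CommandLine field
]


def hits(events=EVENTS):
    """Return the command lines of all events the selection matches."""
    return [e["CommandLine"] for e in events if matches(e)]


if __name__ == "__main__":
    for line in hits():
        print("MATCH:", line)
```

Because the log source is process_creation, the rule only sees the variable when it appears in a new process's command line; a plain `export` typed at an interactive shell is a builtin and creates no such event, so covering that case depends on other telemetry.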
Related rules
- Auditing Configuration Changes on Linux Host
- Clear Linux Logs
- File Deletion
- File or Folder Permissions Change
- Install Root Certificate