github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-28 07:37:32 +00:00
Code Issues Projects Releases Wiki Activity

rule update(Detect crypto miners using the Stratum protocol): update protocols

Browse Source 
Signed-off-by: Shay Berkovich <Sberkovich@blackberry.com>
Co-authored-by: Meera Balsara <mbalsara@blackberry.com>
This commit is contained in:
Shay Berkovich 2021-10-13 11:13:49 +03:00 committed by poiana
parent d989e9c2d5
commit fdcd7bffd0
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/falco_rules.yaml
View File

@ -2820,7 +2820,7 @@
- rule: Detect crypto miners using the Stratum protocol - rule: Detect crypto miners using the Stratum protocol
desc: Miners typically specify the mining pool to connect to with a URI that begins with 'stratum+tcp' desc: Miners typically specify the mining pool to connect to with a URI that begins with 'stratum+tcp'
condition: spawned_process and proc.cmdline contains "stratum+tcp" condition: spawned_process and (proc.cmdline contains "stratum+tcp" or proc.cmdline contains "stratum2+tcp" or proc.cmdline contains "stratum+ssl" or proc.cmdline contains "stratum2+ssl")
output: Possible miner running (command=%proc.cmdline container=%container.info image=%container.image.repository) output: Possible miner running (command=%proc.cmdline container=%container.info image=%container.image.repository)
priority: CRITICAL priority: CRITICAL
tags: [process, mitre_execution] tags: [process, mitre_execution]