← Library
kqlElastic-2.0from elastic/detection-rules

Suspicious Usage of bpf_probe_write_user Helper

Quality
92
FP risk
Forks
0
Views
0
ATT&CK techniques
T1547T1547.006T1014
Rule sourcerules/linux/persistence_bpf_probe_write_user.toml
host.os.type:linux and data_stream.dataset:"system.syslog" and process.name:kernel and message:"bpf_probe_write_user"