Optional detection of modifications to the sudoers file (Sudoers File Modified)
Optional detection of new scripts being executed, complementary to the existing detection of new files being executed (New Script Executed, and New Script Executed in Container)
Basic detection of kernel return-oriented programming (ROP), which can be used as part of a kernel exploit (Kernel ROP)
Optional detection of non-root programs creating new namespaces which can be used as part of kernel exploits (Unprivileged Unshare)
Audit-level notifications when a drop in coverage is detected due to high system load (Coverage Drop Detected)
Improvements
Fix potential false positives in the Remote Access Tool Download policy