Update README.md

Author: Loginsoft-Research

README.md

@@ -1,2 +1,25 @@
 # Linux-Exploit-Detection
-Linux based vulnerabilities (CVE) exploit detection through runtime security using Falco/Osquery/Yara
+Linux-based vulnerabilities (CVE) exploit detection through runtime security using Falco/Osquery/Yara/Rego/Sigma
+
+This is an experimental project to evaluate possible ways to detect exploits (CVE) in a Linux environment (HOST/Container/Cloud) using 
+ - `ebpf` based - Falco Runtime Security
+ - Analytic + Memory based - Osquery + Yara
+ - Policy based - Rego + OPA/Tracee
+ - Log based - Sigma
+ 
+We were able to detect the majority of the exploits through `ebpf` or `kprobe` instrumentation by analyzing the syscalls. Both `Falco` and `Rego` approaches worked accurately in Host & Containerized environments. However, there are a few limitations in all of the above approaches, stay tuned - the blog coming out soon.
+
+
+### Detections available for the following CVE in the respective folders
+
+ - [CVE-2022-36804](Atlassian-Bitbucket/CVE-2022-36804) - Atlassian-Bitbucket
+ - [CVE-2022-26134](Atlassian-Confluence/CVE-2022-26134) - Atlassian-Confluence
+ - [CVE-2023-0669](GoAnywhere-MFT/CVE-2023-0669)  - GoAnywhere-MFT
+ - [CVE-2023-27350](PaperCut/CVE-2023-27350/Falco/falco-cve-2023-27350.yaml) - PaperCut
+ - [CVE-2023-27351](PaperCut/CVE-2023-27351/Falco/falco-cve-2023-27351.yaml) - PaperCut 
+ - [CVE-2023-33246](RocketMQ/CVE-2023-33246) - RocketMQ
+ - [CVE-2022-29464](WSO2/CVE-2022-29464/Falco/falco-cve-2022-29464.yaml) - WSO2
+
+More to come...
+
+All of these detections were tested in a host & containerized environment where reproduced the exploit and captured required events. The rules in the repository can lead to performance overhead, we would suggest testing it before using it in a production environment.