Commit f3e73c6

Update query
1 parent 9798f9d commit f3e73c6

2 files changed

+2
-2
lines changed

hunting/linux/docs/persistence_via_web_shell.md

Lines changed: 1 addition & 1 deletion
@@ -17,7 +17,7 @@
1717
```sql
1818
from logs-endpoint.events.file-*
1919
| keep @timestamp, host.os.type, event.action, file.extension, process.name, agent.id, file.name, process.executable
20-
| where @timestamp > now() - 90 day
20+
| where @timestamp > now() - 30 days
2121
| where host.os.type == "linux" and event.action in ("rename", "creation") and
2222
file.extension in ("php", "py", "pl", "rb", "rs", "lua", "jsp") and not (
2323
// Add your noisy exclusions here
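
Review bot: the new bound on line 20, `| where @timestamp > now() - 30 days`, cuts the lookback from 90 to 30 with no reason given in the doc or in the commit message ("Update query"). For a persistence hunt this matters, because a web shell file that was created or renamed more than 30 days ago no longer matches the `event.action in ("rename", "creation")` filter inside the window and will not be surfaced. If the shorter window is there for query cost or data retention, say so in a sentence next to the query and mention that analysts can widen it when hunting for older footholds. The literal also changes from `day` to `days` in the same line; if that is a deliberate style normalization, note it so that other hunts can follow the same spelling.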

hunting/linux/queries/persistence_via_web_shell.toml

Lines changed: 1 addition & 1 deletion
@@ -19,7 +19,7 @@ query = [
1919
'''
2020
from logs-endpoint.events.file-*
2121
| keep @timestamp, host.os.type, event.action, file.extension, process.name, agent.id, file.name, process.executable
22-
| where @timestamp > now() - 90 day
22+
| where @timestamp > now() - 30 days
2323
| where host.os.type == "linux" and event.action in ("rename", "creation") and
2424
file.extension in ("php", "py", "pl", "rb", "rs", "lua", "jsp") and not (
2525
// Add your noisy exclusions here
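
Review bot: line 22 here repeats by hand the same edit made to line 20 of hunting/linux/docs/persistence_via_web_shell.md, so the query text now lives in two places that have to be kept identical. If the markdown is generated from this TOML, regenerate it rather than editing both files, and say so in the commit message; if it is not, a check that compares the two query bodies would catch the case where only one of them gets updated. Since the time window is the value most likely to be tuned per environment, a short comment above `| where @timestamp > now() - 30 days`, in the same style as the existing `// Add your noisy exclusions here` marker, would tell users it is meant to be adjusted.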
