Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use parent process name signature for Caldera Implant #2339

Open
RomuDeuxfois opened this issue Jan 31, 2025 · 2 comments
Open

Use parent process name signature for Caldera Implant #2339

RomuDeuxfois opened this issue Jan 31, 2025 · 2 comments
Assignees
@savacano28 @damgouj
Labels
bug use for describing something not working as expected
Milestone
Bugs backlog

Comments

@RomuDeuxfois
Copy link
Member

Description

For the OpenBAS implant we create just one signature: EXPECTATION_SIGNATURE_TYPE_PARENT_PROCESS_NAME.
And for Caldera implant we create multiple signatures depending on the payload type (command line, drop file, ect).

We currently have detection issues with a caldera implant and Crowdstrike collector. So we need to use EXPECTATION_SIGNATURE_TYPE_PARENT_PROCESS_NAME for Caldera Implant as well.
@RomuDeuxfois RomuDeuxfois added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Jan 31, 2025
@RomuDeuxfois RomuDeuxfois mentioned this issue Jan 31, 2025
Open
@EllynBsc EllynBsc removed the needs triage use to identify issue needing triage from Filigran Product team label Jan 31, 2025
@EllynBsc EllynBsc added this to the Bugs backlog milestone Jan 31, 2025
@jborozco
Copy link

Not critical but to put to master in case we do a minor

@savacano28
Copy link
Contributor

savacano28 commented Feb 11, 2025
edited
Loading

@damgouj This issue could be fixed after #1860?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@savacano28 savacano28

@damgouj damgouj

Labels
bug use for describing something not working as expected
Projects
None yet
Milestone
Bugs backlog
Development

No branches or pull requests
5 participants
@savacano28 @EllynBsc @jborozco @RomuDeuxfois @damgouj