IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Security Software Discovery via Grep Sensitive Files Compression »
Elastic Docs Elastic Security Solution [8.8] Detections and alerts Prebuilt rule reference

Segfault Detected

edit

Segfault Detected

edit

Monitors kernel logs for segfault messages. A segfault, or segmentation fault, is an error that occurs when a program tries to access a memory location that it’s not allowed to access, typically leading to program termination. A segfault can be an indication of malicious behavior if it results from attempts to exploit buffer overflows or other vulnerabilities in software to execute arbitrary code or disrupt its normal operation.

Rule type: query

Rule indices:

  • logs-system.syslog-*

Severity: low

Risk score: 21

Runs every: 5m

Searches indices from: now-9m (Date Math format, see also Additional look-back time)

Maximum alerts per execution: 100

References: None

Tags:

  • Domain: Endpoint
  • OS: Linux
  • Use Case: Threat Detection
  • Tactic: Execution
  • Rule Type: BBR

Version: 1

Rule authors:

  • Elastic

Rule license: Elastic License v2

Rule query

edit
host.os.type:linux and event.dataset:"system.syslog" and process.name:kernel and message:segfault

Framework: MITRE ATT&CKTM

« Security Software Discovery via Grep Sensitive Files Compression »