Product
medium
threat
Unusual Child Process Execution from Linux Web Servers
2 rules 4 TTPsThis rule detects unusual child process executions originating from web server processes on Linux systems, which attackers may use to maintain persistence on a compromised system by exploiting web server vulnerabilities.
Jira +20
persistence
execution
command_and_control
initial_access
linux
webserver
2r
4t
medium
threat
Suspicious Command Execution via Web Server on Linux
2 rules 3 TTPsIdentifies suspicious command executions via a web server on Linux systems, which may suggest a vulnerability and remote shell access.
Elastic Defend +43
persistence
initial-access
vulnerability
linux
2r
3t
critical
advisory
Eclipse GlassFish EL Injection Vulnerability (CVE-2026-2587) Exploit Publicly Available
2 rules 1 TTP 1 CVEA remote code execution vulnerability (CVE-2026-2587) exists in Eclipse GlassFish due to unsanitized user-supplied values in XML attributes being evaluated by the Java Expression Language (EL) engine, and a public exploit is now available.
GlassFish
rce
el-injection
cve-2026-2587
2r
1t
1c