Product
low
advisory
Potential Proxy Execution via Systemd-run on Linux
1 rule 3 TTPsThis brief details how attackers may leverage the `systemd-run` utility on Linux systems for defense evasion and execution by running commands as detached, transient services or scopes to obscure their activities and parent-child process chains.
Acronis Cyber Protect +46
defense-evasion
execution
linux
1r
3t
high
advisory
Kubernetes and Cloud Credential Path Access via Process Arguments
3 rules 2 TTPsThis rule detects Linux process executions that access high-value Kubernetes service-account material, kubeconfig or node PKI paths, or common cloud files, potentially indicating credential theft within in-cluster and hybrid environments.
Amazon EKS +6
credential-access
threat-detection
kubernetes
cloud
linux
3r
2t