Product
medium
threat
Unusual Child Process Execution from Linux Web Servers
2 rules 4 TTPsThis rule detects unusual child process executions originating from web server processes on Linux systems, which attackers may use to maintain persistence on a compromised system by exploiting web server vulnerabilities.
Jira +20
persistence
execution
command_and_control
initial_access
linux
webserver
2r
4t
medium
threat
Suspicious Command Execution via Web Server on Linux
2 rules 3 TTPsIdentifies suspicious command executions via a web server on Linux systems, which may suggest a vulnerability and remote shell access.
Elastic Defend +43
persistence
initial-access
vulnerability
linux
2r
3t
critical
advisory
Multiple Vulnerabilities in Spring Boot Allow Authorization Bypass and Potential RCE
2 rules 3 TTPs 3 CVEsMultiple vulnerabilities in Spring Boot, including CVE-2026-40976, CVE-2026-40973, and CVE-2026-40972, can allow attackers to bypass authorization, hijack sessions, or achieve remote code execution, potentially leading to data breaches and system compromise.
Spring Boot
spring-boot
vulnerability
rce
authentication-bypass
session-hijacking
2r
3t
3c