Tag

Kernel-Ring-Buffer

1 brief RSS

Attempt to Clear Kernel Ring Buffer via dmesg

The rule detects attempts to clear the kernel ring buffer on Linux systems using the `dmesg` command with options like `-c`, `-C`, `--clear`, or `--read-clear` to evade detection.

Elastic Defend +1 defense-evasion kernel-ring-buffer linux

2r 2t 4h ago