Vendor
medium
threat
Unusual Child Process Execution from Linux Web Servers
2 rules 4 TTPs
This rule detects unusual child process executions originating from web server processes on Linux systems, which attackers may use to maintain persistence on a compromised system by exploiting web server vulnerabilities.
Jira +20
persistence
execution
command_and_control
initial_access
linux
webserver
medium
threat
Suspicious Command Execution via Web Server on Linux
2 rules 3 TTPs
Identifies suspicious command executions via a web server on Linux systems, which may suggest a vulnerability and remote shell access.
Elastic Defend +43
persistence
initial-access
vulnerability
linux
high
advisory
Keycloak Vulnerability Allows Data Confidentiality Breach and Security Policy Bypass
2 rules 1 TTP 1 CVE
A vulnerability in Keycloak versions prior to 26.2.14, 26.4.10, and 26.5.5 allows an attacker to cause a breach of data confidentiality and bypass the security policy, as tracked by CVE-2026-2092.
Keycloak +2
vulnerability
data breach
security policy bypass
medium
advisory
Keycloak Vulnerability Allows Arbitrary Email Sending
2 rules 1 TTP
An anonymous, remote attacker can exploit a vulnerability in Keycloak to send arbitrary emails, potentially leading to phishing or social engineering attacks.
Keycloak
email
vulnerability
spoofing