{
"name": "Find endpoints with uptime > 1.5 years",
"description": {
"author": "Julien Vehent",
"email": "ulfr@mozilla.com",
"revision": 201409031000
},
"target": "queueloc like 'linux.%'",
"threat": {
"level": "-",
"type": "system",
"family": "search"
},
"operations": [
{
"module": "file",
"parameters": {
"searches": {
"uptimesearch": {
"paths": [
"/proc/uptime"
],
"regexes": [
"^[5-9]{1}[0-9]{7,}\\."
]
}
}
}
}
],
"syntaxversion": 2
}