Shell Invocation via Env Command - Linux (bed978f8-7f3a-432b-82c5-9286a9b3031a)

Detects the use of the env command to invoke a shell. This may indicate an attempt to bypass restricted environments, escalate privileges, or execute arbitrary commands.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Shell Invocation via Env Command - Linux (bed978f8-7f3a-432b-82c5-9286a9b3031a)	Sigma-Rules	Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	1
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	2