Mount Execution With Hidepid Parameter (ec52985a-d024-41e3-8ff6-14169039a0b3)
Detects execution of the "mount" command with "hidepid" parameter to make invisible processes to other users from the system
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Mount Execution With Hidepid Parameter (ec52985a-d024-41e3-8ff6-14169039a0b3) | Sigma-Rules | Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) | Attack Pattern | 1 |