Skip to content

0xploitNinja/Detection-Rules

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
CVEs/CVE-2026-31431
CVEs/CVE-2026-31431
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Detection Rules

Detection engineering repository containing:

  • Wazuh detection rules
  • Auditd syscall monitoring
  • Linux threat hunting content
  • CVE-specific detections
  • Detection engineering research

Current CVEs

CVE Description Detection
CVE-2026-31431 Linux Kernel Copy Fail Local Privilege Escalation Wazuh + Auditd

Repository Structure

Detection-Rules/
└── CVEs/
    └── CVE-2026-31431/

Detection Coverage

Current detections include:

  • AF_ALG socket monitoring
  • splice() syscall monitoring
  • execve monitoring
  • privilege escalation detection
  • syscall telemetry correlation

Platforms

  • Wazuh
  • Auditd
  • Linux
  • Rocky Linux
  • AlmaLinux
  • RHEL

MITRE ATT&CK

Technique Description
T1068 Exploitation for Privilege Escalation
T1203 Exploitation for Client Execution

About

Detection-Rules is a curated collection of Wazuh detection rules and use cases focused on identifying and alerting on CVE-based vulnerabilities. It includes custom and enhanced rule sets designed to improve threat detection, strengthen security monitoring, and enable proactive identification of exploitation attempts across environments.

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages