Merge pull request #804 from mandiant/mr-tz-patch-4

Create enumerate-device-drivers-on-linux.yml
mandiant · Aug 7, 2023 · d4b9f3f · d4b9f3f
2 parents 1f440be + 5b04cda
commit d4b9f3f
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/nursery/enumerate-device-drivers-on-linux.yml b/nursery/enumerate-device-drivers-on-linux.yml
@@ -0,0 +1,16 @@
+rule:
+  meta:
+    name: enumerate device drivers on Linux
+    namespace: collection
+    authors:
+      - "@mr-tz"
+    scope: function
+    att&ck:
+      - Discovery::Device Driver Discovery [T1652]
+  features:
+    - and:
+      - os: linux
+      - api: system
+      - or:
+        - substring: "lsmod"
+        - substring: "modinfo"