Understanding Events
- Security Analyst Training
- Log Events
- Intrusion Detection Events (IDS)
- How to analyze scanning events
- How to analyze malicious file downloads
- How to Analyze Bad IP Events
- Event Detail - Understanding a NIDS Event
- Testing Executable Using Virus Total
- How to Query the Additional Event Information Fields in Events
- ET CURRENT_EVENTS SUSPICIOUS Firesale gTLD IE Flash request to set non-standard filename (some overlap with 2021752)
- ETPRO MOBILE_MALWARE Android/SLocker.AC Checkin
- ETPRO CURRENT_EVENTS Possible Job314/Neutrino Reboot EK Flash Exploit Jan 07 2015 M2
- ETPRO TROJAN Likely Malicious SWF Beacon Requesting Exploit
- ETPRO EXPLOIT Adobe Acrobat Reader ACE.dll ICC mluc Integer Overflow
- ET TROJAN HTTP GET Request on port 53 - Very Likely Hostile
- ET CNC Ransomware Tracker Reported CnC Server group 82
- ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 6 or 7 set
- ET TROJAN Turkojan C&C nxt Command (nxt)
- ETPRO DOS IBM DB2 Database Server Invalid Data Stream Denial of Service (Published Exploit)
- ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious
- ETPRO MALWARE User-Agent (MRSPUTNIK)
- ETPRO TROJAN Possible Tinba DGA NXDOMAIN Responses (com)
- ET MALWARE Alexa Search Toolbar User-Agent 2 (Alexa Toolbar)
- ET TROJAN MWI Maldoc Stats Callout Aug 18
- ET MALWARE Zango Seekmo Bar Spyware User-Agent (Seekmo Toolbar)
- ET MALWARE SpamBlockerUtility Fake Anti-Spyware User-Agent (SpamBlockerUtility x.x.x)
- ETPRO MALWARE Trojan.Llac.Win32 PUP Activity
- ET MALWARE Suspicious User Agent (Autoupdate)
- ET MALWARE Fun Web Products Spyware User-Agent (FunWebProducts)
- ET TROJAN DNS Reply for unallocated address space - Potentially Malicious 1.1.1.0/24
- ETPRO TROJAN Obfuscated Phishing Landing Feb 25
- How to analyze scanning events