Intrusion Detection Events (IDS)
- How to analyze scanning events
- How to analyze malicious file downloads
- How to Analyze Bad IP Events
- Event Detail - Understanding a NIDS Event
- Testing Executable Using Virus Total
- How to Query the Additional Event Information Fields in Events
- ET CURRENT_EVENTS SUSPICIOUS Firesale gTLD IE Flash request to set non-standard filename (some overlap with 2021752)
- ETPRO MOBILE_MALWARE Android/SLocker.AC Checkin
- ETPRO CURRENT_EVENTS Possible Job314/Neutrino Reboot EK Flash Exploit Jan 07 2015 M2
- ETPRO TROJAN Likely Malicious SWF Beacon Requesting Exploit
- ETPRO EXPLOIT Adobe Acrobat Reader ACE.dll ICC mluc Integer Overflow
- ET TROJAN HTTP GET Request on port 53 - Very Likely Hostile
- ET CNC Ransomware Tracker Reported CnC Server group 82
- ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 6 or 7 set
- ET TROJAN Turkojan C&C nxt Command (nxt)
- ETPRO DOS IBM DB2 Database Server Invalid Data Stream Denial of Service (Published Exploit)
- ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious
- ETPRO MALWARE User-Agent (MRSPUTNIK)
- ETPRO TROJAN Possible Tinba DGA NXDOMAIN Responses (com)
- ET MALWARE Alexa Search Toolbar User-Agent 2 (Alexa Toolbar)
- ET TROJAN MWI Maldoc Stats Callout Aug 18
- ET MALWARE Zango Seekmo Bar Spyware User-Agent (Seekmo Toolbar)
- ET MALWARE SpamBlockerUtility Fake Anti-Spyware User-Agent (SpamBlockerUtility x.x.x)
- ETPRO MALWARE Trojan.Llac.Win32 PUP Activity
- ET MALWARE Suspicious User Agent (Autoupdate)
- ET MALWARE Fun Web Products Spyware User-Agent (FunWebProducts)
- ET TROJAN DNS Reply for unallocated address space - Potentially Malicious 1.1.1.0/24
- ETPRO TROJAN Obfuscated Phishing Landing Feb 25