[Emerging-Sigs] Help to understand rule

Travis Green tgreen at emergingthreats.net
Wed Feb 21 09:25:08 HST 2018


Rildo, this signature creates an alert on use of CryptoCoin mining
software, you'll likely find the machine running this software in the src
IP of the alert. Depending on your environment this software may or may not
be acceptable, so we've used POLICY category for the rule.

Hope that helps,
-Travis

On Wed, Feb 21, 2018 at 10:57 AM, Rildo Souza <rildo.souza at rnp.br> wrote:

> Hello People,
>
> Currently we are receiving some alerts related with the rule below:
>
> [1:2024792:2]; ET POLICY Cryptocurrency Miner Checkin [**]
> [Classification: Potential Corporate Privacy Violation];
>
> When I looked for additional information about it in my network I can't
> see anything wrong.
>
> Could someone help me ?
>
> Thank you
>
> Rildo Antonio de Souza
> Analista de Seguran├ža
> Centro de Atendimento a Incidentes de Seguran├ža - CAIS
> Rede Nacional de Ensino e Pesquisa - RNP
> (19) 3787-3368 - http://www.rnp.br/cais
>
>
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>
>


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20180221/4c2ec1f3/attachment.html>


More information about the Emerging-sigs mailing list