[Emerging-Sigs] Help to understand rule

Rildo Souza rildo.souza at rnp.br
Wed Feb 21 09:38:30 HST 2018


Thank you for your information, Travis. 

Best Regards, 

Rildo Antonio de Souza 
Analista de Segurança 
Centro de Atendimento a Incidentes de Segurança - CAIS 
Rede Nacional de Ensino e Pesquisa - RNP 
(19) 3787-3368 - http://www.rnp.br/cais 


De: "Travis Green" <tgreen at emergingthreats.net> 
Para: "Rildo Souza" <rildo.souza at rnp.br> 
Cc: "Emerging Sigs" <Emerging-sigs at emergingthreats.net> 
Enviadas: Quarta-feira, 21 de fevereiro de 2018 16:25:08 
Assunto: Re: [Emerging-Sigs] Help to understand rule 

Rildo, this signature creates an alert on use of CryptoCoin mining software, you'll likely find the machine running this software in the src IP of the alert. Depending on your environment this software may or may not be acceptable, so we've used POLICY category for the rule. 
Hope that helps, 
-Travis 

On Wed, Feb 21, 2018 at 10:57 AM, Rildo Souza < rildo.souza at rnp.br > wrote: 



Hello People, 

Currently we are receiving some alerts related with the rule below: 

[1:2024792:2]; ET POLICY Cryptocurrency Miner Checkin [**] [Classification: Potential Corporate Privacy Violation]; 

When I looked for additional information about it in my network I can't see anything wrong. 

Could someone help me ? 

Thank you 

Rildo Antonio de Souza 
Analista de Segurança 
Centro de Atendimento a Incidentes de Segurança - CAIS 
Rede Nacional de Ensino e Pesquisa - RNP 
(19) 3787-3368 - http://www.rnp.br/cais 



_______________________________________________ 
Emerging-sigs mailing list 
Emerging-sigs at lists.emergingthreats.net 
https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs 

Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreats.net 








-- 
PGP: 0xBED7B297 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20180221/f10612aa/attachment.html>


More information about the Emerging-sigs mailing list