[Emerging-Sigs] SIG: ET NETBIOS DCERPC WMI Remote Process Execution
kevross33 at googlemail.com
Tue Apr 9 04:08:05 HDT 2019
Here you go: https://car.mitre.org/analytics/CAR-2014-12-001.html.
"False" positives can occur around software management solutions and Dell
OpenManage, in that they can do this activity and not just bad guys.
alert tcp any any -> $HOME_NET any (msg:"ET NETBIOS DCERPC WMI Remote Process Execution"; flow:to_server,established;