jwilliams at emergingthreats.net
Mon Mar 30 13:50:42 HDT 2020
These rules are in the INFO category (HUNTING category for Suricata 5), so
they are not solely indicative of malicious activity.
With the rise in malicious activity tied to the pandemic, we have observed
these to be useful in hunting on the network for new threats.
If there are noisy uninteresting things that are cluttering up your logs,
please let us know and we will always be happy to look at making some
modifications to the rules.
On Mon, Mar 30, 2020 at 3:21 PM Orion Poplawski <orion at nwra.com> wrote:
> Why are we alerting on DNS queries for "coronavirus.jhu.edu"? That seems
> pretty reputable. Also alerting on "covid19info.live" - not so sure about
> that but I believe it's legit.
> Orion Poplawski
> Manager of NWRA Technical Systems 720-772-5637
> NWRA, Boulder/CoRA Office FAX: 303-415-9702
> 3380 Mitchell Lane orion at nwra.com
> Boulder, CO 80301 https://www.nwra.com/
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> Support Emerging Threats! Subscribe to Emerging Threats Pro
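The thread above is about INFO/HUNTING-category DNS rules that fire on pandemic-themed domain lookups and the noise that reputable domains add to them. As an added example (not code from Emerging Threats, Suricata, or either poster), the script below reads Suricata eve.json DNS query events, flags pandemic-themed lookups for a hunter to review, and tags lookups of domains that a hunter has decided are reputable so they can be filtered out rather than cluttering the alert log. The eve.json lines, the keyword list and the allowlist are all constructed for the demo; the keyword and allowlist contents are assumptions, not the ET rule set.

```python
"""
Triage Suricata eve.json DNS events the way INFO / HUNTING rules are meant to
be used: surface pandemic-themed domain lookups for review, but tag lookups of
known-reputable domains so they can be filtered out of the hunt.

Added example; not code from Emerging Threats or the Suricata project.
The event lines, keyword list and allowlist below are constructed for the demo.
"""
import json
from collections import Counter

# Hypothetical keyword list: substrings that mark a domain as pandemic-themed.
HUNT_KEYWORDS = ("covid", "corona", "pandemic", "ncov")

# Hypothetical allowlist of reputable domains (and their subdomains) that a
# hunter has decided are noise. Matching is on the domain suffix, label-aligned.
ALLOWLIST = ("jhu.edu", "who.int", "cdc.gov")

# Constructed eve.json records in the Suricata 5 'dns' event shape.
# The 'answer' record and the 'flow' record are there to show they are skipped.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2020-03-30T13:50:42.000000-1000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dns":{"type":"query","rrname":"coronavirus.jhu.edu","rrtype":"A"}}',
    '{"timestamp":"2020-03-30T13:51:01.000000-1000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dns":{"type":"query","rrname":"covid19info.live","rrtype":"A"}}',
    '{"timestamp":"2020-03-30T13:51:07.000000-1000","event_type":"dns","src_ip":"10.0.0.9","dest_ip":"10.0.0.1","dns":{"type":"query","rrname":"covid-19-relief-fund.example","rrtype":"A"}}',
    '{"timestamp":"2020-03-30T13:51:09.000000-1000","event_type":"dns","src_ip":"10.0.0.9","dest_ip":"10.0.0.1","dns":{"type":"answer","rrname":"covid-19-relief-fund.example","rrtype":"A","rdata":"192.0.2.10"}}',
    '{"timestamp":"2020-03-30T13:52:00.000000-1000","event_type":"dns","src_ip":"10.0.0.7","dest_ip":"10.0.0.1","dns":{"type":"query","rrname":"www.example.com","rrtype":"A"}}',
    '{"timestamp":"2020-03-30T13:52:03.000000-1000","event_type":"flow","src_ip":"10.0.0.7","dest_ip":"192.0.2.1"}',
]


def normalize(name):
    """Lower-case and strip a trailing dot so 'Example.COM.' == 'example.com'."""
    return name.rstrip(".").lower()


def is_pandemic_themed(name):
    return any(k in name for k in HUNT_KEYWORDS)


def is_allowlisted(name):
    # Label-aligned suffix match: 'coronavirus.jhu.edu' matches 'jhu.edu',
    # but 'evil-jhu.edu' does not.
    return any(name == d or name.endswith("." + d) for d in ALLOWLIST)


def classify(name):
    """Return 'allowlisted', 'hunt', or None if the name is not of interest."""
    name = normalize(name)
    if not is_pandemic_themed(name):
        return None
    if is_allowlisted(name):
        return "allowlisted"
    return "hunt"


def triage(lines):
    """Return a list of (verdict, src_ip, rrname) for each DNS query of interest."""
    results = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate a truncated or partial line in a live log
        if ev.get("event_type") != "dns":
            continue
        dns = ev.get("dns", {})
        if dns.get("type") != "query":
            continue  # answers repeat the name; count each lookup once
        verdict = classify(dns.get("rrname", ""))
        if verdict:
            results.append((verdict, ev.get("src_ip"), normalize(dns["rrname"])))
    return results


def summarize(results):
    """Count verdicts so a hunter sees how much of the hit volume is allowlist noise."""
    return Counter(verdict for verdict, _, _ in results)


if __name__ == "__main__":
    hits = triage(SAMPLE_EVE_LINES)
    for verdict, src, name in hits:
        print(f"{verdict:12} {src:12} {name}")
    print(dict(summarize(hits)))
```

In a real deployment the allowlist would be the set of domains your own hunting has already cleared; the point of the tag rather than a drop is that the lookup still appears in the record, so a later review can revisit whether a domain deserved to be on the list.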