Emerging BotCC CnC Ruleset Changes

Making a relatively minor change to the BotCC rules, as we’ve all discussed in the past. The data is from Shadowserver and the Zeus/Palevo/Spyeye Trackers. Very reliable as you all know, and these projects do a GREAT job, we’re very grateful for their generosity in giving these lists out! I’m just splitting them [...]


Daily Ruleset Update Summary 4/4/2012

Lots of great stuff today, and a new category added. 15 new Open rules, 12 new Pro Subscriber rules for 27 total! The new category is info.rules, or emerging-info.rules. This will essentially be correlation engine fodder rules. Not stuff you’ll likely want humans going through, but good for post incident analysis. Don’t [...]


Daily Ruleset Update Summary 11/17/2011

16 new open signatures, 9 new Pro rules. Included as you’ll see below are some signatures for HTTP traffic on port 443. These are for a number of trojans that are running http CnC channels on port 443, hoping that they’ll be ignored. In Snort this happens frequently since 443 is not in the [...]


New Classifications

As was last discussed a few months ago, Alienvault has donated their proposed classification system. It’s a great step forward and will be a giant help to correlation systems as well as analysts. We are FINALLY ready to start deploying. I’d like to put the list back up for another look. As we get [...]

