Comparison of revisions: ids:emerging_threats:emerging_threat_categories [2021/07/20 12:16] peter and ids:emerging_threats:emerging_threat_categories [2021/07/20 13:45] (current) – removed peter
====== IDS - Emerging Threats - Emerging Threat Categories ======

^Category^Description^Reference^
|3CORESec|Generated automatically from the 3CORESec team IP block lists, based on malicious activity observed by their honeypots.|https://blacklist.3coresec.net/lists/et-open.txt|
|ActiveX|Protects against attacks and exploits targeting Microsoft ActiveX controls.||
|Adware-PUP|Ad tracking and spyware related activity.||
|Attack Response|Identifies responses indicative of an intrusion, such as an LMHost file download, the presence of certain web banners, and the detection of the Metasploit Meterpreter kill command.||
|Botcc (Bot Command and Control)|Autogenerated from several sources of known and confirmed active botnet and other Command and Control (C2) hosts.|https://www.shadowserver.org|
|Botcc Portgrouped|Similar to the Botcc category but grouped by destination port. Rules grouped by port can offer higher fidelity than those not grouped by port.||
|Chat|Traffic related to numerous chat clients such as Internet Relay Chat (IRC). Chat traffic can be indicative of possible check-in activity by threat actors.||
|CIArmy|Generated using Collective Intelligence IP rules for blocking.|https://www.cinsscore.com|
|Coinmining|Rules that detect malware which performs coin mining.||
|Compromised|Based on a list of known compromised hosts that is confirmed and updated daily from several private but highly reliable data sources.||
|:::|**WARNING:** Snort can experience performance issues when handling IP matches. This category can add a significant processing load, particularly if sensors are already operating near capacity. In a high-capacity situation like this, we recommend using the Botcc rules instead.||


----

===== References =====

https://tools.emergingthreats.net/docs/ETPro%20Rule%20Categories.pdf
ids/emerging_threats/emerging_threat_categories.1626783407.txt.gz · Last modified: 2021/07/20 12:16 by peter