MATCH-S00555.md

File metadata and controls

59 lines (52 loc) · 3.12 KB

# Rules: Threat Intel - Inbound Traffic Context

## Description

This rule detects allowed inbound traffic from an IP address associated with a known malicious campaign as designated by threat intelligence.

## Additional Details

| Detail | Value |
| --- | --- |
| Type | Templated Match |
| Category | Threat Intelligence |
| Apply Risk to Entities | srcDevice_ip |
| Signal Name | Threat Intel - Inbound Traffic Context |
| Summary Expression | This rule detects inbound traffic from an IP address associated with a known malicious campaign as designated by threat intelligence. |
| Score/Severity | Static: 0 |
| Enabled by Default | True |
| Prototype | False |
| Tags | |

## Vendors and Products

## Fields Used

| Origin | Field |
| --- | --- |
| Normalized Schema | dstDevice_ip |
| Normalized Schema | listMatches |
| Normalized Schema | objectType |
| Normalized Schema | srcDevice_ip |
| Normalized Schema | srcDevice_ip_isInternal |
| Normalized Schema | success |
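The conditions the Description and the Fields Used table imply (network object, allowed, external source, threat-intel list match), evaluated over constructed normalized records. This is an added illustration, not the rule's actual match expression, which the page does not show; the `THREAT_INTEL_PREFIX` convention for entries in `listMatches` and the record layout are assumptions.

```python
"""Reconstructed match logic for "Threat Intel - Inbound Traffic Context"
over constructed records in the normalized schema fields the rule card lists."""

# Assumption: threat-intel list names in listMatches carry this prefix.
# The real rule's match expression is not on the page.
THREAT_INTEL_PREFIX = "threat_intel"


def matches_rule(record: dict) -> bool:
    """True when a record satisfies the rule conditions as reconstructed here:
    network object, allowed (success), inbound (external source), and a
    threat-intel entry in listMatches."""
    if record.get("objectType") != "Network":
        return False
    if record.get("success") is not True:              # only allowed traffic
        return False
    if record.get("srcDevice_ip_isInternal") is not False:  # inbound = external source
        return False
    matches = record.get("listMatches") or []
    return any(str(m).startswith(THREAT_INTEL_PREFIX) for m in matches)


def risk_entities(records) -> list:
    """Entities that would receive risk: srcDevice_ip, per the rule card."""
    return sorted({r["srcDevice_ip"] for r in records if matches_rule(r)})


# Constructed sample records (documentation IP ranges, not real telemetry).
SAMPLE_RECORDS = [
    {"objectType": "Network", "srcDevice_ip": "203.0.113.10", "srcDevice_ip_isInternal": False,
     "dstDevice_ip": "10.0.0.5", "success": True, "listMatches": ["threat_intel_campaign_a"]},
    {"objectType": "Network", "srcDevice_ip": "203.0.113.11", "srcDevice_ip_isInternal": False,
     "dstDevice_ip": "10.0.0.5", "success": False, "listMatches": ["threat_intel_campaign_a"]},  # blocked
    {"objectType": "Network", "srcDevice_ip": "10.0.0.7", "srcDevice_ip_isInternal": True,
     "dstDevice_ip": "203.0.113.12", "success": True, "listMatches": ["threat_intel_campaign_a"]},  # outbound
    {"objectType": "Network", "srcDevice_ip": "198.51.100.4", "srcDevice_ip_isInternal": False,
     "dstDevice_ip": "10.0.0.9", "success": True, "listMatches": ["allowlist_scanners"]},  # other list
    {"objectType": "Network", "srcDevice_ip": "198.51.100.5", "srcDevice_ip_isInternal": False,
     "dstDevice_ip": "10.0.0.9", "success": True, "listMatches": []},  # no list match
]

if __name__ == "__main__":
    for ip in risk_entities(SAMPLE_RECORDS):
        print(ip)  # prints 203.0.113.10
```

Only the first record fires: the blocked, outbound, non-threat-intel and unmatched records are each excluded by one of the four conditions.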