Is there anyone who has written complex rules about botnet attacks? If so, may I see those rules?
This question seems a bit broad.
To narrow it down, what type of attack are you expecting? Distributed intrusion attempts? DDoS? Water cooler attacks with exploit kits? Or are you referring to having a bot zombie/agent within your enterprise, in which case you would be looking for CnC, bot tasks such as participation in DDoS, traffic hosting or referrals (DNS, web), new services (DNS hosted by workstations; servers: web, IRC...) or CPU-related activities: bitcoin mining, hash breaking...?
The first is going to depend on your perimeter and attack surface; the second will depend more on your host-based security layers.
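One way to turn the host-side indicators listed in the reply above (workstations that start serving DNS/web/IRC to other hosts, a workstation hammering a single external target as part of a DDoS) into checks over flow records. This is an added example, not code from any poster in this thread; the flow tuples, the workstation list and the thresholds are constructed for illustration and would be tuned to a real environment.

```python
from collections import defaultdict

# Constructed flow records (src, dst, dst_port, proto); not real traffic.
FLOWS = (
    [(f"10.0.2.{i}", "10.0.1.5", 53, "udp") for i in range(1, 5)]  # 4 peers query a workstation
    + [("10.0.2.1", "10.0.1.6", 443, "tcp")]                        # one stray inbound, below threshold
    + [("10.0.1.6", "10.0.0.53", 53, "udp"),                         # normal client traffic
       ("10.0.1.6", "198.51.100.7", 443, "tcp")]
    + [("10.0.1.7", "203.0.113.9", 80, "tcp")] * 6                  # one workstation floods one target
)
WORKSTATIONS = {"10.0.1.5", "10.0.1.6", "10.0.1.7"}  # assumed asset inventory
SERVICE_PORTS = {53: "dns", 80: "web", 443: "web", 6667: "irc"}


def workstations_serving(flows, workstations, min_clients=3):
    """Workstations receiving inbound connections on server ports from at
    least min_clients distinct peers: {host: {service: client_count}}."""
    peers = defaultdict(set)
    for src, dst, port, _proto in flows:
        if dst in workstations and port in SERVICE_PORTS:
            peers[(dst, SERVICE_PORTS[port])].add(src)
    hits = defaultdict(dict)
    for (host, service), clients in peers.items():
        if len(clients) >= min_clients:
            hits[host][service] = len(clients)
    return dict(hits)


def ddos_participants(flows, workstations, internal_prefix="10.", min_flows=5):
    """Workstations sending many flows to a single external destination:
    {(workstation, target): flow_count}."""
    counts = defaultdict(int)
    for src, dst, _port, _proto in flows:
        if src in workstations and not dst.startswith(internal_prefix):
            counts[(src, dst)] += 1
    return {pair: n for pair, n in counts.items() if n >= min_flows}


if __name__ == "__main__":
    print("workstations acting as servers:", workstations_serving(FLOWS, WORKSTATIONS))
    print("possible DDoS participants:", ddos_participants(FLOWS, WORKSTATIONS))
```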
Hi Mike, I need your assistance regarding use case creation. Could you please provide rules for the following? (I tried to be specific.)