neo12 Absent Member.

rules-botnet

Is there anyone who has written complex rules about botnet attacks? If so, may I know about or see that rule?

Accepted Solutions
mike_of_many Trusted Contributor.

Re: rules-botnet

This question seems a bit broad.

To narrow it down, what type of attack are you expecting? Distributed intrusion attempts? DDoS? Water cooler attacks with exploit kits? Or are you referring to having a bot zombie/agent within your enterprise... in which case you would be looking for CnC, bot tasks such as participation in DDoS, traffic hosting or referrals (DNS, web), and new services (DNS hosted by workstations; servers hosting web, IRC...) or CPU-related activities: bitcoin mining, hash breaking...?

The first is going to depend on your perimeter and attack surface; the second will depend more on your host-based security layers.

Mike
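The bot-inside-the-enterprise indicators Mike lists (a workstation that starts hosting DNS/web/IRC, and regular CnC check-ins from one host to one external address) written out as a small correlation over flow records. This is an added illustration, not an ArcSight rule and not code from the thread; the 10.0.0.0/8 internal range, the port-to-service map and every flow record are assumptions constructed for the example.

```python
"""Toy correlation checks for a bot agent inside the enterprise:
(1) a workstation that accepts connections on DNS/web/IRC ports,
(2) a host whose connections to one external peer are evenly spaced (CnC beacon).
All flow records below are constructed sample data, not real telemetry."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = ip_network("10.0.0.0/8")          # assumed internal range
# Ports a workstation should not normally *listen* on (DNS, web, IRC).
SERVICE_PORTS = {53: "dns", 80: "web", 443: "web", 6667: "irc"}

# Constructed flows: (epoch_seconds, src_ip, dst_ip, dst_port)
FLOWS = [
    # ws-1 beacons to one external host every 60s, +/- 1s of jitter
    *[(1000 + 60 * i + (i % 2), "10.0.0.5", "203.0.113.9", 443) for i in range(10)],
    # ws-2 browses normally: irregular gaps, several destinations
    (1000, "10.0.0.6", "198.51.100.1", 443), (1007, "10.0.0.6", "198.51.100.2", 443),
    (1130, "10.0.0.6", "198.51.100.3", 443), (1135, "10.0.0.6", "198.51.100.1", 443),
    (1500, "10.0.0.6", "198.51.100.4", 443),
    # three internal peers connect *to* ws-3 on 6667: ws-3 is hosting IRC
    (1200, "10.0.0.7", "10.0.0.8", 6667), (1210, "10.0.0.9", "10.0.0.8", 6667),
    (1220, "10.0.0.10", "10.0.0.8", 6667),
]

def internal(ip):
    return ip_address(ip) in INTERNAL

def workstation_services(flows, min_clients=2):
    """Internal hosts accepting connections on SERVICE_PORTS from >= min_clients peers."""
    clients = defaultdict(set)
    for _, src, dst, port in flows:
        if internal(dst) and port in SERVICE_PORTS:
            clients[(dst, SERVICE_PORTS[port])].add(src)
    return sorted((h, s) for (h, s), c in clients.items() if len(c) >= min_clients)

def beacons(flows, min_hits=8, max_cv=0.1):
    """Internal -> external (src, dst, port) tuples whose inter-arrival gaps are
    nearly constant: cv = stdev/mean of the gaps; browsing sits far above 0.1."""
    times = defaultdict(list)
    for ts, src, dst, port in flows:
        if internal(src) and not internal(dst):
            times[(src, dst, port)].append(ts)
    found = []
    for key, ts in times.items():
        if len(ts) < min_hits:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if pstdev(gaps) / mean(gaps) <= max_cv:
            found.append((*key, round(mean(gaps))))   # include the beacon period
    return found
```

Both functions return lists of tuples, so the same checks can be fed any flow export that carries a timestamp, source, destination and port.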

2 Replies
lakshmisha357 Respected Contributor.

Re: rules-botnet

Hi Mike, I need your assistance regarding use case creation. Could you please provide rules for the following (I tried to be specific):

  1. Patch non-compliance
  2. Unauthorized security configuration
  3. Unauthorized access of storage account
  4. Unauthorized access of storage account keys
  5. Virus, malware, malicious code detection (correlation)
  6. Vulnerability detection
  7. Unauthorized devices in the network
  8. Unauthorized applications in the network
  9. Loss / tampering with logs especially security logs
  10. Spoofing
  11. DoS and DDoS attacks
  12. Unauthorized access to certificate private keys
  13. Suspicious privilege account activity
  14. Unauthorized firewall rule changes
  15. Unauthorized changes to express route connectivity
  16. Suspicious logins to VM
  17. Botnet detection at firewall