Top & Trending
RSA Admin
RSA Firstwatch are a team of analysts that are looking at emergent threats presented by new strains of malware.  The research into this activity produces new feeds of known C&C IPs, domains, APT exfiltration sites and many more.  We are also producing some nifty new rules to detect variants of botnet beaconing, bot checkins, known

NTRSPhil
Does anyone have rule ideas for detecting this CVE? I have searched for extension=swf but that, as I am sure you guessed, was too broad. Since this is in the wild, any help you could provide on this one would be great. Phil
NTRSPhil
Hey, I'm sure this is an easy question. Can anyone tell me why the && Not section of this rule is not working? ip.dst=131.253.18.0/24 || ip.dst=199.2.137.0/24 || ip.dst=207.46.90.0/24 || ip.dst=1.1.1.0/24 && (ip.src!=10.10.10.101 || ip.src!=10.10.10.102 || ip.src!=10.10.10.103) And why the heck can't I paste into these