[Bro] Detecting remote powershell
James Dickenson
jdickenson at gmail.com
Fri Feb 16 10:32:23 PST 2018
I don't believe I've seen any work in this regard for Bro; it would be
great if someone invested the time to build something. I do know that
there is the Attack Detection team that has been submitting a lot of
PowerShell, Empire, etc. based rules to the ET ruleset for Snort/Suricata.
-James D.
On Wed, Feb 14, 2018 at 5:03 AM, James Lay <jlay at slave-tothe-box.net> wrote:
> Hey All,
>
> Topic really...has anyone put some work/sigs into detecting remote
> powershell? Figured I'd start here first...thank you.
>
> James