Appendices

Appendix A - malware metadata key value details
| Value | Description |
|---|---|
| malware | Malware related traffic (generic) |
| post-infection | Malware post-infection |
| pre-infection | Malware pre-infection |
| download-attempt | Malware download attempt; pre-persistence |
Appendix B - priority metadata key value details
| Value | Details |
|---|---|
| high | High priority issues; typically reserved for malware infection and post-compromise traffic. |
| medium | Pre-infection; exploit attempts to download malware; targeted exploitation attempts. |
| low | Lower priority threats; scanning, etc. |
| info | Informational. Alert is generated/logged but is not significant enough on its own to warrant action. |
| research | Rule deployed for research purposes. Can and should be ignored by SIEM, analysts, etc. |