Appendices

Appendix A - malware metadata key value details

| Value | Description |
| --- | --- |
| malware | Malware related traffic (generic) |
| post-infection | Malware post-infection |
| pre-infection | Malware pre-infection |
| download-attempt | Malware download attempt; pre-persistence |

Appendix B - priority metadata key value details

| Value | Details |
| --- | --- |
| high | High priority issues; typically reserved for malware infection and post-compromise traffic. |
| medium | Pre-infection; exploit attempts to download malware; targeted exploitation attempts. |
| low | Lower priority threats; scanning, etc. |
| info | Informational. Alert is generated/logged but is not significant enough on its own to warrant action. |
| research | Rule deployed for research purposes. Can and should be ignored by SIEM, analysts, etc. |
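The two tables above describe values carried in a rule's `metadata` keyword (Suricata syntax: `metadata: key value, key value;`), which Suricata also exports under `alert.metadata` in EVE JSON as key to list-of-values. The following is an added example, not code from this document or its ruleset, showing how a SIEM ingestion step can parse those keys and route alerts by priority, dropping `research` before ingestion as Appendix B suggests. The handling policy in `ACTION_BY_PRIORITY`, the sample rule (its sid, content and message) and the EVE records are all constructed for this example.

```python
import json
import re
from typing import Dict, List

# Priority values from Appendix B, ordered from most to least urgent.
PRIORITY_ORDER = ["high", "medium", "low", "info", "research"]

# Malware stage values from Appendix A.
MALWARE_STAGES = {"malware", "post-infection", "pre-infection", "download-attempt"}

# Hypothetical handling policy for a SIEM pipeline (an assumption, adjust to local
# practice). 'research' is dropped before ingestion, as Appendix B says it can be.
ACTION_BY_PRIORITY = {
    "high": "escalate",
    "medium": "ticket",
    "low": "queue",
    "info": "log-only",
    "research": "drop",
}

# Matches the rule's metadata keyword up to its terminating ';'.
_METADATA_RE = re.compile(r"\bmetadata:\s*([^;]*);")


def parse_rule_metadata(rule: str) -> Dict[str, List[str]]:
    """Return a Suricata rule's metadata keyword as key -> list of values.

    Syntax is 'metadata: key value, key value;'. A key may repeat, so every
    value is kept in order of appearance. Malformed entries are skipped.
    """
    out: Dict[str, List[str]] = {}
    m = _METADATA_RE.search(rule)
    if not m:
        return out
    for entry in m.group(1).split(","):
        parts = entry.strip().split(None, 1)
        if len(parts) != 2:
            continue  # no key/value pair: skip rather than guess
        key, value = parts
        out.setdefault(key, []).append(value.strip())
    return out


def triage(metadata: Dict[str, List[str]]) -> Dict[str, object]:
    """Map priority/malware metadata to a handling decision.

    Returns the effective priority, its rank (0 = most urgent), the malware
    stage if present, and the action from ACTION_BY_PRIORITY. A missing or
    unknown priority is surfaced as 'review' so it is never silently dropped.
    """
    priorities = [p for p in metadata.get("priority", []) if p in PRIORITY_ORDER]
    stages = [s for s in metadata.get("malware", []) if s in MALWARE_STAGES]
    stage = stages[0] if stages else None
    if not priorities:
        return {"priority": None, "rank": None, "stage": stage, "action": "review"}
    # If a rule carries several priority values, the most urgent one wins.
    best = min(priorities, key=PRIORITY_ORDER.index)
    return {
        "priority": best,
        "rank": PRIORITY_ORDER.index(best),
        "stage": stage,
        "action": ACTION_BY_PRIORITY[best],
    }


def triage_eve_alert(line: str) -> Dict[str, object]:
    """Triage one Suricata EVE JSON record.

    EVE exposes the rule's metadata under alert.metadata as key -> list of
    values, the same shape parse_rule_metadata produces. Non-alert records
    (flow, dns, ...) are passed through untouched.
    """
    event = json.loads(line)
    if event.get("event_type") != "alert":
        return {"priority": None, "rank": None, "stage": None, "action": "not-an-alert"}
    return triage(event.get("alert", {}).get("metadata", {}))


# Constructed sample rule: sid, msg and content are made up for this example.
SAMPLE_RULE = (
    'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE Post-infection checkin"; '
    'flow:established,to_server; content:"/gate.php"; http_uri; '
    'metadata: priority high, malware post-infection; '
    'classtype:trojan-activity; sid:9000001; rev:1;)'
)

# Constructed EVE records: a research-only alert the SIEM should drop, and a flow record.
SAMPLE_EVE = [
    json.dumps({"event_type": "alert", "src_ip": "10.0.0.5", "dest_ip": "203.0.113.7",
                "alert": {"signature": "EXAMPLE research-only rule", "signature_id": 9000002,
                          "metadata": {"priority": ["research"]}}}),
    json.dumps({"event_type": "flow", "src_ip": "10.0.0.5", "dest_ip": "203.0.113.7"}),
]

if __name__ == "__main__":
    print(triage(parse_rule_metadata(SAMPLE_RULE)))
    for line in SAMPLE_EVE:
        print(triage_eve_alert(line))
```

The `review` fallback matters in practice: a rule without a `priority` value is more likely a packaging mistake than a harmless alert, so it should land in front of an analyst rather than be filtered out with `research`.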