IP ranges of common services? #10428
Replies: 2 comments
-
I would tune thresholds vs allowing carte blanche access to "trusted" providers. Those trusted providers are used all the time as C2 head ends because they are "trusted". I have seen Google Drive and Twitter used as command and control for many threat groups. They just access a text file shared on Google Drive or follow a Twitter account to know what to do, etc.
-
Microsoft was hosting Azure-based Russian election meddlers in 2020.
-
I'm curious as to how others are handling the allow-listing of common IP ranges for networks like Google, Microsoft, etc. I'm trying to think of a way to easily suppress alerts for false positives coming from "trusted" providers. Perhaps there are services out there that combine this information into an easily digestible format for use with IDS rules? For example, Google lists 214 separate ranges just for the United States.