Thank you very much to this community for helping me understand the basics of Security Onion. You've been very helpful so far. Currently, my SOC has me prototyping a network intrusion detection system (NIDS) for this mock setup:

- CentOS Security Onion machine
- Win10 attacker
- Win10 victim

Looking at the 2023 emergent threats section of the Sigma rules, I found some interesting plays to be:

- MSMQ Corrupted Packet Encountered
- Windows Service Terminated With Error
- Windows Defender Real-Time Protection Failure/Restart
- Potential Edputil.DLL Sideloading

Would you have any recommendations for plays specific to Windows NIDS? Any suggestions for reading material? Thank you again, and any help would be greatly appreciated!
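An added example, not part of the original post and not Security Onion or SigmaHQ code, showing what a play built from one of the listed Sigma rules actually evaluates. Sigma rules are log signatures: Security Onion's Playbook imports them and matches them against logs in Elasticsearch, so a Windows-focused play fires on event records shipped from the Win10 victim (System log, Defender log, Sysmon image loads), not on packets seen by the network sensor. The rules, the `LOGSOURCES` mapping, the event IDs and the sample `EVENTS` below are constructed for illustration and only borrow three of the titles named above; the helper names (`rule_matches`, `run_rules`) are this example's own.

```python
"""Constructed example: evaluate Sigma-style detections over Windows event records.
A Sigma rule is a log signature, so a Security Onion play built from one fires on
Windows event logs shipped into Elasticsearch, not on packets. Rules and events are
constructed for illustration, not copies of the SigmaHQ rules whose titles they use."""

# Rules as the dicts yaml.safe_load() would return for Sigma YAML (illustrative).
RULES = [
    {"title": "Windows Service Terminated With Error",
     "logsource": {"product": "windows", "service": "system"},
     "detection": {"selection": {"Provider_Name": "Service Control Manager",
                                 "EventID": [7023, 7024]},
                   "condition": "selection"}},
    {"title": "Windows Defender Real-Time Protection Failure/Restart",
     "logsource": {"product": "windows", "service": "windefend"},
     "detection": {"selection": {"EventID": [3002, 5001]},
                   "condition": "selection"}},
    {"title": "Potential Edputil.DLL Sideloading",
     "logsource": {"product": "windows", "category": "image_load"},
     "detection": {"selection": {"ImageLoaded|endswith": "\\edputil.dll"},
                   "filter_legit": {"ImageLoaded|startswith": "C:\\Windows\\System32\\"},
                   "condition": "selection and not filter_legit"}},
]

# Constructed map from Sigma logsource to the channel (and Sysmon event id) a log
# shipper tags records with; a real pipeline keeps this in its backend config.
LOGSOURCES = {
    ("service", "system"): {"Channel": "System"},
    ("service", "windefend"): {"Channel": "Microsoft-Windows-Windows Defender/Operational"},
    ("category", "image_load"): {"Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 7},
}

# Constructed sample events in the flattened shape a shipper produces; ids illustrative.
EVENTS = [
    {"Channel": "System", "Provider_Name": "Service Control Manager", "EventID": 7023},
    {"Channel": "System", "Provider_Name": "Service Control Manager", "EventID": 7036},
    {"Channel": "Microsoft-Windows-Windows Defender/Operational", "EventID": 5001},
    {"Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 7,
     "ImageLoaded": "C:\\Users\\alice\\Downloads\\edputil.dll"},
    {"Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 7,
     "ImageLoaded": "C:\\Windows\\System32\\edputil.dll"},
]

def _field_matches(event: dict, key: str, expected) -> bool:
    """One Sigma field test: a list of values is an OR; modifiers follow '|'."""
    field, _, modifier = key.partition("|")
    if modifier not in ("", "contains", "startswith", "endswith"):
        raise ValueError(f"unsupported modifier: {modifier}")
    if event.get(field) is None:
        return False
    actual = str(event[field]).lower()  # Sigma string matching is case-insensitive
    for value in (expected if isinstance(expected, list) else [expected]):
        v = str(value).lower()
        if ((modifier == "" and actual == v) or (modifier == "contains" and v in actual)
                or (modifier == "startswith" and actual.startswith(v))
                or (modifier == "endswith" and actual.endswith(v))):
            return True
    return False

def _eval_condition(condition: str, truth: dict) -> bool:
    """Evaluate 'selection and not filter' style conditions (not > and > or)."""
    tokens, pos = condition.split(), 0

    def parse(level: int) -> bool:  # 0: or-chain, 1: and-chain, 2: not / name
        nonlocal pos
        if level == 2:
            if tokens[pos] == "not":
                pos += 1
                return not parse(2)
            name, pos = tokens[pos], pos + 1
            if name not in truth:
                raise ValueError(f"unknown selection in condition: {name}")
            return truth[name]
        op = ("or", "and")[level]
        result = parse(level + 1)
        while pos < len(tokens) and tokens[pos] == op:
            pos += 1
            rhs = parse(level + 1)  # always consume the right side before combining
            result = (result or rhs) if op == "or" else (result and rhs)
        return result

    result = parse(0)
    if pos != len(tokens):
        raise ValueError(f"trailing tokens in condition: {condition!r}")
    return result

def rule_matches(rule: dict, event: dict) -> bool:
    """True when the event is from the rule's logsource and the condition holds."""
    src = rule["logsource"]
    kind = "service" if "service" in src else "category"
    if any(event.get(k) != v for k, v in LOGSOURCES[(kind, src[kind])].items()):
        return False
    det = rule["detection"]
    truth = {n: all(_field_matches(event, k, v) for k, v in sel.items())
             for n, sel in det.items() if n != "condition"}
    return _eval_condition(det["condition"], truth)

def run_rules(rules: list, events: list) -> list:
    """(event index, rule title) for every hit, i.e. one play alert per pair."""
    return [(i, r["title"]) for i, e in enumerate(events) for r in rules if rule_matches(r, e)]
```

Running `run_rules(RULES, EVENTS)` reports the terminated-service event, the Defender event and the unsigned-path `edputil.dll` load, while the `System32` load is suppressed by the filter. The practical point for the lab is that none of these plays will produce anything until the Win10 victim ships its event logs (and Sysmon, for the image_load rule) to the Security Onion node; the packet-based detections on that box come from the Suricata and Zeek rule sets, which are a separate layer from Sigma.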