After detecting a network breach it is a good idea to scan the network for further Indicators of Compromise (IoC) to check for further malicious activity.

The major problem with network-based IoC scans is that the rate of false positives depends heavily on how specific or unique the attack patterns are. The IoCs are usually derived from forensic investigations into network packets and compromised hosts, and can be quite unique when it comes to more sophisticated attacks (let’s avoid mentioning the APT buzzword here… oh, wait… darn!). The best case would be a pattern that is never present in harmless network traffic, which is something IoCs have in common with most IDS signatures.
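To make the specificity argument concrete, here is a small added example (not code from the original post): a toy IoC scanner run over a handful of constructed proxy log lines. Two vague indicators lifted from a compromised host (a common user-agent string, "some .php path") are compared with one specific indicator (beacon host plus exact request shape). All hosts, paths and the session id are made up for the demo; the `baseline_check` helper shows the practitioner's check the post implies: count how often an indicator fires on known-benign traffic before rolling it out.

```python
import re
from dataclasses import dataclass

# Constructed sample proxy log lines (method, host, path, user-agent).
# Made up for this example; none of the hosts or values are real IoCs.
SAMPLE_LOG = [
    'GET cdn.example.test /js/app.js "Mozilla/5.0 (Windows NT 10.0)"',                    # 0 benign
    'GET update.example.test /check?id=1234 "Mozilla/5.0 (Windows NT 10.0)"',             # 1 benign
    'POST files.example.test /upload "curl/8.0"',                                         # 2 benign
    'GET c2.example.test /gate.php?sid=9f8e7d6c5b4a "Mozilla/5.0 (Windows NT 10.0)"',     # 3 malicious
    'GET forum.example.test /viewtopic.php?t=42 "Mozilla/5.0 (X11; Linux x86_64)"',       # 4 benign
]
# Ground truth for the demo: which line indices are actually malicious.
KNOWN_MALICIOUS = {3}


@dataclass(frozen=True)
class Indicator:
    name: str
    pattern: str  # regular expression applied to the whole log line


# Vague indicators observed on the compromised host: a common user-agent
# string and "a request to some .php path". Both also occur in normal traffic.
VAGUE_UA = Indicator("win10-user-agent", r"Mozilla/5\.0 \(Windows NT 10\.0\)")
VAGUE_PHP = Indicator("php-path", r"\s/\S*\.php\b")
# Specific indicator: the beacon host plus its exact request shape
# (hypothetical C2 pattern, constructed for the example).
SPECIFIC = Indicator("c2-beacon", r"\sc2\.example\.test /gate\.php\?sid=[0-9a-f]{12}\b")


def scan(lines, indicator):
    """Return the indices of lines that match the indicator's pattern."""
    rx = re.compile(indicator.pattern)
    return [i for i, line in enumerate(lines) if rx.search(line)]


def evaluate(lines, indicator, truth):
    """Count true/false positives and false negatives for one indicator."""
    hits = set(scan(lines, indicator))
    return {
        "indicator": indicator.name,
        "hits": sorted(hits),
        "true_positives": len(hits & truth),
        "false_positives": len(hits - truth),
        "false_negatives": len(truth - hits),
    }


def baseline_check(benign_lines, indicator):
    """Number of hits an indicator produces against known-benign traffic.

    Anything above zero means the IoC will alert on harmless activity and
    should be made more specific before it is deployed network-wide.
    """
    return len(scan(benign_lines, indicator))


if __name__ == "__main__":
    benign = [line for i, line in enumerate(SAMPLE_LOG) if i not in KNOWN_MALICIOUS]
    for ioc in (VAGUE_UA, VAGUE_PHP, SPECIFIC):
        print(evaluate(SAMPLE_LOG, ioc, KNOWN_MALICIOUS),
              "baseline hits:", baseline_check(benign, ioc))
```

On this sample the user-agent indicator fires on three lines (two of them benign), the `.php` path indicator on two (one benign), while the specific beacon pattern hits only the malicious line and produces zero baseline hits. Real deployments would run `baseline_check` against a much larger window of pre-incident traffic, but the shape of the check is the same.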