Here are the latest Content Updates. They expand malware detection and add features for DNS traffic analysis and domain analysis.
Application Rule Updates
- Dyzap - Related Blog post
- Update of Cerber Ransomware rule
ESA Rule Updates
- Update of Cerber Ransomware rule
Feed Updates
- Cerber Ransomware
- Popcorn Time Ransomware
Parser Updates
- DNS_lua
  - File detection in DNS traffic
  - Base64 and Base36 TXT record detection
- TLD_lua options file
  - Ability to define local domains and TLDs so that they are whitelisted from the logic that looks for suspicious domain structure.
Which feeds have these been populated into?