Michael Sconzo

Content Update

Blog Post created by Michael Sconzo Employee on Dec 14, 2016

Here's the latest in Content Updates. They enable expanded malware detection as well as add additional features for DNS traffic analysis and analysis around domains.

 

Application Rule Updates

  • Dyzap - Related Blog post
  • Update of Cerber Ransomware rule

 

ESA Rule Updates

  • Update of Cerber Ransomware rule

 

Feed Updates

 

Parser Updates

  • DNS_lua
    • File detection in DNS traffic
    • Base64 and Base36 TXT record detection
  • TLD_lua options file
    • Ability to set local domains and TLDs for identification to whitelist the domains/TLDs from the logic that looks for suspicious domain structure.

Outcomes