Source |
SANS Institute |
Identifier |
8000496 |
Publication date |
2022-11-14 02:35:27 (viewed: 2022-11-14 03:05:45) |
Title |
Extracting 'HTTP CONNECT' Requests with Python, (Mon, Nov 14th) |
Text |
Seeing abnormal Suricata alerts isn't too unusual in my home environment. In many cases it may be a TLD being resolved that at one point in time was very suspicious. With the increased legitimate adoption of some of these domains, these alerts have been less useful, although still interesting to investigate. I ran into a few of these alerts one night and when diving deeper there was an unusual amount, frequency, and source of the alerts.
|
Sent |
Yes |