Merge pull request #1907 from neu5ron/patch-6

correct fields for zeek_rdp_public_listener.yml
frack113 2021-08-23 20:58:01 +02:00 committed by GitHub
commit d89cebab55
GPG Key ID: 4AEE18F83AFDEB23


@ -38,8 +38,8 @@ detection:
#- x.x.x.x
condition: not selection #and not approved_rdp
fields:
- src_ip
- dst_ip
- id.orig_h
- id.resp_h
falsepositives:
- none
- Although it is recommended to NOT have RDP exposed to the internet, verify that this is a) allowed b) the server has not already been compromised via some brute force or remote exploit since it has been exposed to the internet. Work to secure the server if you are unable to remove it from being exposed to the internet.
level: high
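Review bot: the new `falsepositives` entry replaces `none` with a full paragraph that mixes a false-positive description with triage and remediation advice; Sigma `falsepositives` entries are normally short phrases naming the benign case, so consider reducing it to something like `- Authorized RDP servers intentionally exposed to the internet` and moving the "verify that this is allowed / check for prior compromise" guidance into the rule's `description` or `references`. Note also that the surrounding context still has the allowlist commented out (`#- x.x.x.x` and `condition: not selection #and not approved_rdp`), so the rule currently has no exclusion for sanctioned hosts and this entry is the only place that documents that expected noise. The `fields` rename from `src_ip`/`dst_ip` to `id.orig_h`/`id.resp_h` is consistent with the commit message and with Zeek's conn-log column names.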