I run SecurityOnion and this morning Suricata alerted me with this alert:
A network trojan was detected. ET CURRENT_EVENTS [Fireeye] Backdoor.HTTP.GORAT.[Build ID], with the rule saying: alert tcp any any -> any any (msg:"Backdoor.HTTP.GORAT.[Build ID]"; content:"aqlKZ7wjzg0iKM00E1WB/jq9_RA46w91EKl9A02Dv/nbNdZiLsB1ci8Ph0fb64/9Ks1YxAE86iz9A0dUiDl"; sid:25850; rev:1;)
My question now is: with this alert, how would I go about checking whether this is a false positive or whether there actually is something wrong?
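The first triage step for a content-only signature like the one quoted above is to pull the alert's pcap from Security Onion and confirm what the rule actually matched on. The script below is an added example, not part of the original post or of the FireEye/ET ruleset: it parses the quoted rule into its header and option keywords, decodes each content: value the way Suricata reads it (text with \" \; \: \\ escapes, hex between pipes), and reports whether a given TCP payload would satisfy the rule. The two payloads are constructed for the example; the rule text is the one from the alert with the arrow and quotes written as plain ASCII. Position modifiers (depth, offset, distance, within) and sticky buffers are deliberately not honoured, which is exactly the point: the rule as quoted uses none of them.

```python
import re

# The rule quoted in the alert (arrow and quotes as plain ASCII).
RULE = (
    'alert tcp any any -> any any (msg:"Backdoor.HTTP.GORAT.[Build ID]"; '
    'content:"aqlKZ7wjzg0iKM00E1WB/jq9_RA46w91EKl9A02Dv/nbNdZiLsB1ci8Ph0fb64/9Ks1YxAE86iz9A0dUiDl"; '
    'sid:25850; rev:1;)'
)

# action proto src sport direction dst dport ( options )
HEADER_RE = re.compile(
    r'^\s*(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$', re.S
)
# One option: keyword, optional ":" value (quoted values may contain escaped quotes), ";"
OPTION_RE = re.compile(r'\s*([\w.-]+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')


def parse_rule(rule):
    """Split a Suricata rule into its header fields and an ordered (keyword, value) list."""
    m = HEADER_RE.match(rule)
    if not m:
        raise ValueError("not a Suricata rule header")
    action, proto, src, sport, direction, dst, dport, body = m.groups()
    body = body.strip()
    options, pos = [], 0
    while pos < len(body):
        om = OPTION_RE.match(body, pos)
        if not om:
            raise ValueError("bad option near: " + body[pos:pos + 20])
        key, val = om.group(1), om.group(2)
        if val is not None:
            val = val.strip()
            if val.startswith('"') and val.endswith('"'):
                val = val[1:-1]          # keep inner escapes; content_bytes decodes them
        options.append((key, val))
        pos = om.end()
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "direction": direction, "dst": dst, "dport": dport, "options": options}


def content_bytes(value):
    """Decode a content: value: text segments with \\\\ \\" \\; \\: escapes, |hex| between pipes."""
    out = bytearray()
    for i, seg in enumerate(value.split("|")):
        if i % 2:                                  # odd segments sit between pipes: hex bytes
            out += bytes.fromhex(seg)
        else:
            out += re.sub(r'\\([\\";:])', r'\1', seg).encode("latin-1")
    return bytes(out)


def content_patterns(rule):
    """Every content: pattern of the rule as bytes, paired with whether nocase follows it."""
    patterns, current = [], None
    for key, val in rule["options"]:
        if key == "content":
            current = [content_bytes(val), False]
            patterns.append(current)
        elif key == "nocase" and current is not None:
            current[1] = True
    return [(b, nc) for b, nc in patterns]


def payload_matches(rule, payload):
    """True if every content: pattern occurs somewhere in the payload (no position modifiers)."""
    for pat, nocase in content_patterns(rule):
        hay, needle = (payload.lower(), pat.lower()) if nocase else (payload, pat)
        if needle not in hay:
            return False
    return True


def option(rule, key):
    """First value of a keyword, or None if the rule does not use it."""
    return next((v for k, v in rule["options"] if k == key), None)


# Constructed sample payloads (not real captures): one carrying the signature string, one not.
HIT = (b"POST /upload HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
       b"data=aqlKZ7wjzg0iKM00E1WB/jq9_RA46w91EKl9A02Dv/nbNdZiLsB1ci8Ph0fb64/9Ks1YxAE86iz9A0dUiDl")
MISS = b"GET /index.html HTTP/1.1\r\nHost: example.invalid\r\n\r\n"

if __name__ == "__main__":
    rule = parse_rule(RULE)
    print("sid", option(rule, "sid"), "msg", option(rule, "msg"))
    restricting = [k for k, _ in rule["options"] if k.startswith(("flow", "http"))]
    print("flow/HTTP-buffer restrictions:", restricting or "none")
    for name, pl in (("HIT", HIT), ("MISS", MISS)):
        print(name, payload_matches(rule, pl))
```

Running it shows the rule has no flow:, port or HTTP buffer keyword, so it fires on any TCP payload in either direction that contains that one string, regardless of whether the bytes came from a real beacon, a downloaded signature file, an e-mail attachment, or a threat-intel page someone opened. That is why the pcap matters: look at which host sent the string, whether it sits in an HTTP request from an internal client to an unfamiliar external server (what the msg implies), or in a response, a file transfer or something else entirely, and check that host for the process that owned the connection before deciding.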