Suricata Output

mobahi99 · March 7, 2021, 11:46am

Hello, I’m new using Suricata.

I got a Suricat output by a wireshark packet sniffing, but I don’t understand what it means:

ET POLICY SMB2 NT Create AndX Request For a DLL File - Possible Lateral Movement
GPL MISC UPnP service discover attempt

Could you recommend me, please, some guide to learn about it.

Thanks for your help.

Andreas_Herz · March 7, 2021, 8:27pm

This is a Emerging Threats Signature that gives you the hint for potential Lateral Movement, but this can also be a false positive. You would have to look deeper into the traffic pattern if other signatures have hit for same/related flows.

Topic		Replies	Views
Content:!"" appear to not be working inside of rule "ET POLICY SMB2 NT Create AndX Request For a DLL File - Possible Lateral Movement""	5	86	October 1, 2024
🔴 Hands-On Session: Detect Lateral Movement in Microsoft Environment with Suricata (Part 1) Announcements webinar	0	959	April 19, 2022
Hands-On Session: Detecting Lateral Movement in Microsoft Environments (Part 2) Announcements community , webinar , suricata	1	1107	October 3, 2022
Alertas suricata - explicacion e interpretacion Help	1	1111	August 19, 2021
Suricata not detecting some packets in a pcap Help rules , suricata , pcaps	4	723	August 10, 2023

Suricata Output

Related topics