Suricata Output

mobahi99 · March 7, 2021, 11:46am

Hello, I’m new using Suricata.

I got a Suricat output by a wireshark packet sniffing, but I don’t understand what it means:

ET POLICY SMB2 NT Create AndX Request For a DLL File - Possible Lateral Movement
GPL MISC UPnP service discover attempt

Could you recommend me, please, some guide to learn about it.

Thanks for your help.

Andreas_Herz · March 7, 2021, 8:27pm

This is a Emerging Threats Signature that gives you the hint for potential Lateral Movement, but this can also be a false positive. You would have to look deeper into the traffic pattern if other signatures have hit for same/related flows.

Topic		Replies	Views
Detecting lateral movement Help	7	442	August 29, 2021
Unable to output logs (vxlan) Rules	2	399	August 29, 2021
Nmap Detection via Suricata Rules suricata	1	4031	May 2, 2022
Fast.log entry/entries Help ips	3	772	February 17, 2021
Suricata Rules to Snort 2 Rules Help	3	389	July 4, 2023

Suricata Output

Related Topics