Windows update list for exe download alerts


I get lots of INDICATOR-SHELLCODE x86 inc ecx NOOP which is triggered by Windows Updates.

Right now, I am just disabling them as I see them, but it is a lot of work. Is there a list of Windows / Office Microsoft update IPs I can use to filter against?

Any other suggestions?


I guess the IPs can vary a lot over time. You could instead try to threshold or suppress the traffic for that (see "11.7. Ignoring Traffic" in the Suricata 7.0.2-dev documentation) instead of IP whitelisting.
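
Added example, not part of the original thread: what the threshold and suppress options mentioned above look like in Suricata's `threshold.config`. The sid `9999999` is a placeholder for the sid in your own alert record, and `192.0.2.10` is a constructed address standing in for an internal update server, which is an assumption about the network.

```conf
# threshold.config (Suricata): constructed example
# 9999999 is a placeholder: use the sid shown in your own alert record.
# 192.0.2.10 is a constructed address for an internal update server (assumption).

# Option 1: keep the rule active, but log at most one alert
# per source address per hour instead of one per matching packet.
threshold gen_id 1, sig_id 9999999, type limit, track by_src, count 1, seconds 3600

# Option 2: hide alerts for this rule only when the source is the
# internal update server; alerts from every other source still fire.
suppress gen_id 1, sig_id 9999999, track by_src, ip 192.0.2.10
```

Unlike disabling the rule, both options leave it loaded and evaluated, so the signature still alerts on traffic outside the listed condition. A suppress entry only hides the alert output; other actions the rule performs on a match, such as setting a flowbit, still happen.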