alexcpsec
commented
10 years ago For reference, what I currently use:
- inbound:
(Scanning Host|Spamming) - outbound:
(Malware|C&C|APT)
Closed krmaxwell closed 10 years ago
alexcpsec
commented
10 years ago For reference, what I currently use:
(Scanning Host|Spamming)(Malware|C&C|APT)
krmaxwell
commented
10 years ago :+1:
Alienvault data contains both inbound as well as outbound. The notes will map which indicator is which.