quadrantsec / sagan-rules

GNU General Public License v2.0

Ruleset Update 16 May 2024 #359

Closed bryant-smith closed 6 months ago

bryant-smith commented 6 months ago

Fortinet: Updated the UTM dns rule and removed Potentially Unwanted Programs and Spam URLs from the detection. Added a new UTM dns rule with a 250/1 threshold for detecting C2 traffic.

Windows Auth: Revised the Windows brute force rule to better detect the appropriate Account Name via regex.

pfSense: Each rule needs a regex check to make sure the network directionality is correct. The log indicates direction, but that is just for the interface that is receiving or sending, not the actual network direction.
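The pfSense point above (the filterlog `in`/`out` field is relative to the interface that saw the packet, not to the network) is easy to get wrong in a rule. The following is an added example, not code from the sagan-rules project or from the issue author: it parses the pfSense 2.2+ filterlog CSV layout and derives the real network direction from the source and destination addresses instead of the interface flag. The log lines are constructed for illustration, the internal ranges are assumed to be RFC 1918, and only IPv4 records are handled (the IPv6 field layout differs).

```python
"""Normalize pfSense filterlog "direction" to real network direction.

Added example, not from the sagan-rules repository. Field order follows the
documented pfSense 2.2+ filterlog CSV format; sample lines are constructed.
"""
import ipaddress
import re
from typing import List, NamedTuple, Optional, Tuple

# Assumption: the monitored network lives in RFC 1918 space; adjust per deployment.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines (not real traffic). Field order after "filterlog: " is
# rule,sub-rule,anchor,tracker,iface,reason,action,dir,ipver,tos,ecn,ttl,id,offset,
# flags,proto-id,proto,length,src,dst, then sport,dport for tcp/udp.
SAMPLE_LOGS = [
    # Internet host probing SSH on a LAN host: arrives "in" on the WAN interface igb0.
    "Mar 11 12:00:00 fw filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,203.0.113.5,192.168.1.10,51515,22,0,S,",
    # LAN host opening HTTPS to the internet: arrives "in" on the LAN interface igb1.
    "Mar 11 12:00:01 fw filterlog: 4,,,1000000102,igb1,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.10,198.51.100.7,40000,443,0,S,",
    # The same outbound session leaving the firewall: logged "out" on igb0.
    "Mar 11 12:00:01 fw filterlog: 4,,,1000000102,igb0,match,pass,out,4,0x0,,63,0,0,DF,6,tcp,60,192.168.1.10,198.51.100.7,40000,443,0,S,",
    # ICMP between two internal subnets: no port fields present.
    "Mar 11 12:00:02 fw filterlog: 7,,,1000000105,igb2,match,pass,in,4,0x0,,64,0,0,none,1,icmp,84,10.0.0.5,192.168.1.10,request,0,0",
]

FILTERLOG_RE = re.compile(r"filterlog(?:\[\d+\])?: (?P<csv>.*)$")


class Flow(NamedTuple):
    iface: str
    action: str
    iface_dir: str  # "in"/"out" as pfSense logs it: relative to iface only
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    sport: Optional[int]
    dport: Optional[int]


def parse_filterlog(line: str) -> Optional[Flow]:
    """Parse one syslog line carrying an IPv4 filterlog record; None if not one."""
    m = FILTERLOG_RE.search(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    if len(f) < 20 or f[8] != "4":  # IPv4 layout only in this example
        return None
    proto = f[16]
    sport = dport = None
    if proto in ("tcp", "udp") and len(f) >= 22:
        sport, dport = int(f[20]), int(f[21])
    return Flow(f[4], f[6], f[7], proto,
                ipaddress.ip_address(f[18]), ipaddress.ip_address(f[19]),
                sport, dport)


def is_internal(addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in INTERNAL_NETS)


def network_direction(flow: Flow) -> str:
    """Direction by address ownership, independent of which interface logged it."""
    s, d = is_internal(flow.src), is_internal(flow.dst)
    if s and d:
        return "lateral"
    if s:
        return "outbound"
    if d:
        return "inbound"
    return "transit"


def direction_report(lines: List[str]) -> List[Tuple[str, str, str]]:
    """(iface, interface flag, real direction) per record; shows where they disagree."""
    flows = (parse_filterlog(l) for l in lines)
    return [(f.iface, f.iface_dir, network_direction(f)) for f in flows if f]


def inbound_blocked_attempts(lines: List[str], dport: Optional[int] = None) -> List[Flow]:
    """What a 'blocked inbound connection' rule should match: inbound by address,
    not by the interface flag, optionally filtered to one destination port."""
    hits = []
    for line in lines:
        flow = parse_filterlog(line)
        if flow is None or flow.action != "block":
            continue
        if network_direction(flow) == "inbound" and (dport is None or flow.dport == dport):
            hits.append(flow)
    return hits


if __name__ == "__main__":
    for row in direction_report(SAMPLE_LOGS):
        print(row)
```

The second sample line is the case the issue describes: the LAN host's outbound session is logged `in` on igb1, so a rule keyed on the `in` flag alone would count it as an inbound attempt. Checking the source and destination addresses against the internal ranges gives the direction the rule actually cares about.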