6299d728-14f7-455e-85c5-ea8ec65a654a.md

File metadata and controls

58 lines (51 loc) · 3.74 KB

Products: Zscaler - Nanolog Streaming Service

Rules

| Rule ID | Rule Name |
| --- | --- |
| MATCH-S00553 | Allowed Inbound RDP Traffic |
| LEGACY-S00003 | Base32 in DNS Query |
| LEGACY-S00004 | Bitsadmin to Uncommon TLD |
| MATCH-S00209 | CVE-2021-44228 Log4j2 Java Library 0-Day Attempt |
| LEGACY-S00013 | Connection to High Entropy Domain |
| LEGACY-S00026 | DNS Lookup of High Entropy Domain |
| LEGACY-S00030 | Domain Resolution in Non-Standard TLD |
| MATCH-S00454 | Firewall Allowed SMB Traffic |
| FIRST-S00030 | First Seen Outbound Connection to External IP Address on Port 445 from IP Address |
| LEGACY-S00041 | HTTP External Request to PowerShell Extension |
| LEGACY-S00042 | HTTP Request to Domain in Non-Standard TLD |
| THRESHOLD-S00015 | HTTP Response Error Spike - External |
| THRESHOLD-S00016 | HTTP Response Error Spike - Internal |
| MATCH-S00203 | HTTP activity over port 53 - Possible SIGRED |
| LEGACY-S00045 | HTTP request for single character file name |
| LEGACY-S00027 | Hexadecimal in DNS Query Domain |
| LEGACY-S00047 | High risk file extension download without hostname and referrer |
| THRESHOLD-S00079 | Inbound Port Scan |
| MATCH-S00396 | Large Outbound ICMP Packets |
| MATCH-S00556 | Outbound Data Transfer Protocol Over Non-standard Port |
| MATCH-S00554 | Outbound IRC Traffic |
| THRESHOLD-S00026 | Possible Credential Abuse |
| LEGACY-S00061 | Possible DNS Data Exfiltration |
| MATCH-S00835 | Possible Dynamic URL Domain |
| MATCH-S00637 | Possible Malicious Download |
| MATCH-S00584 | Pwndrp Access |
| LEGACY-S00079 | SQL-Select-From |
| LEGACY-S00093 | Script/CLI UserAgent string |
| LEGACY-S00095 | Server-Side Code Injection in URL |
| OUTLIER-S00006 | Spike in Data Transferred Outbound by User |
| OUTLIER-S00010 | Spike in URL Length from IP Address |
| MATCH-S00783 | Spring4Shell Exploitation - URL |
| LEGACY-S00182 | Suspicious HTTP User-Agent |
| LEGACY-S00111 | Threat Intel - Device IP Matched Threat Intel URL |
| MATCH-S00555 | Threat Intel - Inbound Traffic Context |
| LEGACY-S00109 | Threat Intel - Matched Domain Name |
| LEGACY-S00107 | Threat Intel Match - IP Address |
| LEGACY-S00165 | VBS file downloaded from Internet |
| MATCH-S00557 | Web Request to IP Address |
| MATCH-S00566 | Web Request to Punycode Domain |
| MATCH-S00222 | ZScaler Proxy-Traffic to Malicious Categorized Domain |
| MATCH-S00061 | Zscaler - Allowed Elevated Risk Score Events |

Log Mappers

| Log Mapper ID | Log Mapper Name |
| --- | --- |
| 935e3137-e603-41d5-bfc7-081b0eec3096 | Zscaler - Nanolog Streaming Service - CEF Logs |
| e7bb38e5-d682-4c62-b9af-ebb53db165ae | Zscaler - Nanolog Streaming Service - JSON |