Snort mailing list archives
Re: question
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Tue, 27 Oct 2015 21:18:41 +0000
Thanks for your email. Unfortunately, I am not able to provide further details about this alert at this time. TruffleHunter rules are for vulnerabilities that have been discovered by Talos (http://talosintel.com/vulnerability-reports/), disclosed to the vendor, but the vendor has not yet issued a patch. We may be able to determine if it is a false positive (and thereby help the community as a whole) if you are able to provide a packet capture of the alert.

--
Joel Esler
Manager, Talos Group

On Oct 27, 2015, at 3:07 PM, Hummert, Austin <Austin.Hummert () adm com> wrote:

> Hello all,
>
> I have a question on a rule that’s been firing in my environment.
>
> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (3:36222)
>
> I understand the concept of trufflehunter rules, but I’m wondering how other people are handling these. The packets triggering this rule appear to be legitimate outbound traffic, and the destination does not appear to be blacklisted in any way. The problem is I don’t know exactly what the rule is looking for, so it makes it difficult to verify the traffic itself.
>
> Any thoughts on trufflehunter?
>
> Thanks,
> Austin
------------------------------------------------------------------------------
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
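Added example (not part of the thread, and not Snort's or Talos's own code): Joel asks for a packet capture of the alert. If the sensor writes unified2 output (snort.conf line `output unified2: filename snort.u2, limit 128`), the packets that fired 3:36222 are already on disk, stored in packet records that follow the event record and are joined to it by (sensor_id, event_id, event_second). The script below parses that spool with nothing but the standard library, keeps only the packets behind a chosen gid:sid, and writes them as a classic libpcap file that can be attached to a false-positive report. The record layouts are the legacy IPv4 event (type 7) and packet (type 2) from Snort 2's unified2 format; the sample spool, its addresses, timestamps and the placeholder 1:1 event are constructed for this example.

```python
"""Carve the packets behind one gid:sid out of a Snort unified2 spool into a pcap.

Added example, not code from the thread or from Snort/Talos. Unified2 records
are written in network byte order: an 8-byte (type, length) header followed by
the record body.
"""
import struct
import sys

# Record types from the unified2 format (Snort 2 Unified2_common.h)
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7             # legacy IPv4 event, 52-byte body

EVENT_FMT = "!IIIIIIIIIIIHHBBBB"   # sensor_id, event_id, event_second, event_usec,
                                   # signature_id, generator_id, revision, class,
                                   # priority, src, dst, sport, dport, proto,
                                   # impact_flag, impact, blocked
PACKET_FMT = "!IIIIIII"            # sensor_id, event_id, event_second, pkt_second,
                                   # pkt_usec, linktype, packet_length (then data)
DLT_EN10MB = 1                     # libpcap link type for Ethernet


def iter_records(blob):
    """Yield (type, body) for each complete record in a unified2 byte string."""
    off = 0
    while off + 8 <= len(blob):
        rtype, length = struct.unpack_from("!II", blob, off)
        body = blob[off + 8: off + 8 + length]
        if len(body) < length:
            break  # truncated tail (e.g. Snort still writing): stop cleanly
        yield rtype, body
        off += 8 + length


def carve_packets(blob, gid, sid):
    """Return [(ts_sec, ts_usec, linktype, frame)] for packets whose event is gid:sid."""
    wanted = set()
    out = []
    for rtype, body in iter_records(blob):
        if rtype == UNIFIED2_IDS_EVENT and len(body) >= struct.calcsize(EVENT_FMT):
            f = struct.unpack_from(EVENT_FMT, body)
            sensor_id, event_id, event_second = f[0], f[1], f[2]
            signature_id, generator_id = f[4], f[5]
            if generator_id == gid and signature_id == sid:
                wanted.add((sensor_id, event_id, event_second))
        elif rtype == UNIFIED2_PACKET and len(body) >= struct.calcsize(PACKET_FMT):
            (sensor_id, event_id, event_second, pkt_sec, pkt_usec,
             linktype, pkt_len) = struct.unpack_from(PACKET_FMT, body)
            if (sensor_id, event_id, event_second) in wanted:
                out.append((pkt_sec, pkt_usec, linktype, body[28:28 + pkt_len]))
    return out


def to_pcap(packets, linktype=DLT_EN10MB):
    """Serialise packets as a classic libpcap file (magic 0xa1b2c3d4, version 2.4)."""
    buf = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype))
    for sec, usec, lt, data in packets:
        if lt != linktype:
            continue  # one link type per pcap file; skip anything else
        buf += struct.pack("<IIII", sec, usec, len(data), len(data))
        buf += data
    return bytes(buf)


def build_sample_spool():
    """Constructed two-event spool: a placeholder 1:1 alert and a 3:36222 alert."""
    ts = 1445958000  # constructed: 2015-10-27 15:00:00 UTC

    def event(event_id, gid, sid):
        body = struct.pack(EVENT_FMT, 1, event_id, ts, 0, sid, gid, 1, 0, 1,
                           0x0A010203, 0xCB007105, 49152, 445, 6, 0, 0, 0)
        return struct.pack("!II", UNIFIED2_IDS_EVENT, len(body)) + body

    def packet(event_id, payload):
        frame = b"\x00" * 14 + payload  # 14 zero bytes stand in for an Ethernet header
        body = struct.pack(PACKET_FMT, 1, event_id, ts, ts, 123456,
                           DLT_EN10MB, len(frame)) + frame
        return struct.pack("!II", UNIFIED2_PACKET, len(body)) + body

    return (event(7, 1, 1) + packet(7, b"other-rule")
            + event(8, 3, 36222) + packet(8, b"trufflehunter-hit"))


if __name__ == "__main__":
    # usage: carve_u2.py snort.u2.1445958000 3 36222 out.pcap
    spool_path, gid, sid, out_path = sys.argv[1], int(sys.argv[2]), int(sys.argv[3]), sys.argv[4]
    with open(spool_path, "rb") as fh:
        pkts = carve_packets(fh.read(), gid, sid)
    with open(out_path, "wb") as fh:
        fh.write(to_pcap(pkts))
    print("wrote %d packet(s) to %s" % (len(pkts), out_path))
```

This is the same job Snort's bundled u2boat utility does; writing it out shows what the join key between event and packet records is, and why a spool that Snort is still appending to must be read tolerantly. Before sending the pcap, replay it through the sensor (`snort -c snort.conf -r out.pcap -A console`) to confirm that 3:36222 still fires on the carved packets alone.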
Current thread:
- question Hummert, Austin (Oct 27)
- Re: question Joel Esler (jesler) (Oct 27)