Techniques
Sample rules
Sign-In From Malware Infected IP
- source: sigma
- techniques:
  - t1090
Description
Indicates sign-ins from IP addresses infected with malware that is known to actively communicate with a bot server.
Detection logic
condition: selection
selection:
  riskEventType: malwareInfectedIPAddress