Stamus Networks MS-DSSP service - DsRolerGetPrimaryDomainInformation - Suricata Rule 3115136 (stamus/lateral)

Stamus Networks MS-DSSP service - DsRolerGetPrimaryDomainInformation

SID: 3115136Rev: 40 viewsHistory

Sourcestamus/lateral

CreatedMarch 23, 2022

UpdatedAugust 5, 2024

alert smb any any -> $HOME_NET any (msg:"Stamus Networks MS-DSSP service - DsRolerGetPrimaryDomainInformation"; flow:to_server, established; dcerpc.iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; dcerpc.opnum:0; flowbits:set,stamus.tsch.service.DSSP.DsRolerGetPrimaryDomainInformation; metadata:lateral_key dcerpc.iface, lateral_function DsRolerGetPrimaryDomainInformation, lateral_asset src_ip, stamus_classification lateral, provider Stamus, created_at 2022_03_23, updated_at 2024_08_05, source smb_lateral, signature_severity Informational; target:dest_ip; sid:3115136; rev:4; reference:url,https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dssp/90662fe7-570b-485a-8bfa-a03a3a8f0d6c; reference:url,https://www.stamus-networks.com/blog/new-open-ruleset-for-detecting-lateral-movement-with-suricata; reference:url,https://www.stamus-networks.com/blog/threat-hunting-with-the-open-lateral-movement-ruleset-for-suricata;)

References

url	https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dssp/90662fe7-570b-485a-8bfa-a03a3a8f0d6c
url	https://www.stamus-networks.com/blog/new-open-ruleset-for-detecting-lateral-movement-with-suricata
url	https://www.stamus-networks.com/blog/threat-hunting-with-the-open-lateral-movement-ruleset-for-suricata

Metadata

lateral keydcerpc.iface

lateral functionDsRolerGetPrimaryDomainInformation

lateral assetsrc_ip

stamus classificationlateral

providerStamus

created at2022_03_23

updated at2024_08_05

sourcesmb_lateral

signature severityInformational

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!