Attached is a copy of various custom IPS signatures for SEPM to detect botnet activity (Koobface, Zeus, Clampi, etc.).
These are currently in "Allow" mode.
Any comments/suggestions to make the rules better are welcome. Also, please feel free to test and report back to me. I'm currently using these as well in my environment.
And just to note, these rules are set up to work with a proxy using port 8080. If you are not behind a proxy, you can change the port to 80, or if you are behind a proxy, you will need to change the port to match what your proxy uses.
I've also attached a zip file of the IPS format used by SEPM if you want to create custom rules.
Thanks for Sharing
Regards
Ajin
Thanks Brian for sharing the update
I like that
helps really
Customized policies always help with getting deeper into some features of the product... thx
Thanks Brian, was able to download it and import it into my SEPM. Will try it out and advise further.
Many thanks.