Merge pull request #9136 from azurekid/master

Update PossibleBeaconingActivity.yaml
Azure · Oct 3, 2023 · 85e69ce · 85e69ce
2 parents e9383c2 + bc8b5be
commit 85e69ce
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/Solutions/Network Session Essentials/Analytic Rules/PossibleBeaconingActivity.yaml b/Solutions/Network Session Essentials/Analytic Rules/PossibleBeaconingActivity.yaml
@@ -1,7 +1,7 @@
 id: fcb9d75c-c3c1-4910-8697-f136bfef2363
 name: Potential beaconing activity (ASIM Network Session schema)
 description: |
-  This rule identifies beaconing patterns from Network traffic logs based on recurrent frequency patterns. Such potential outbound beaconing patterns to untrusted public networks should be investigated for any malware callbacks or data exfiltration attempts as discussed in this [Blog](http://www.austintaylor.io/detect/beaconing/intrusion/detection/system/command/control/flare/elastic/stack/2017/06/10/detect-beaconing-with-flare-elasticsearch-and-intrusion-detection-systems/).\<br><br>
+  This rule identifies beaconing patterns from Network traffic logs based on recurrent frequency patterns. Such potential outbound beaconing patterns to untrusted public networks should be investigated for any malware callbacks or data exfiltration attempts as discussed in this [Blog](https://medium.com/@HuntOperator/detect-beaconing-with-flare-elastic-stack-and-intrusion-detection-systems-110dc74e0c56).\<br><br>
   This analytic rule uses [ASIM](https://aka.ms/AboutASIM) and supports any built-in or custom source that supports the ASIM NetworkSession schema'
 severity: Low
 status: Available
@@ -154,5 +154,5 @@ customDetails:
   FrequencyTime: MostFrequentTimeDeltaCount
   TotalDstBytes: TotalDstBytes
 
-version: 1.1.3
+version: 1.1.4
 kind: Scheduled