POLICY-SOCIAL -- Snort has detected a violation of the corporate policy. Similar to an IOC, this activity may not be directly malicious, but could be a symptom of compromise or of misuse of the network. Examples are cryptocurrency mining and trade (Bitcoin, et al.). The ISP won’t block these, but corporate policies likely prohibit them. In this case, Snort has detected a violation of social media policy. Some companies choose to disallow some or all social media, or to allow only in-network social sharing. This can prevent simple productivity loss or serious NDA breaches (sharing of files from the internal network, etc.).
POLICY-SOCIAL IRC dns request
This event is generated when activity relating to network chat clients is detected.
Impact: Policy Violation. Use of chat clients to communicate with unknown external sources may be against the policy of many organizations.
Details: Instant Messaging (IM) and other chat-related client software can allow users to transfer files directly between hosts. This can allow malicious users to circumvent the protection offered by a network firewall. Vulnerabilities in these clients may also allow remote attackers to gain unauthorized access to a host.
Ease of Attack: Simple.
No known false positives
Cisco Talos, Brian Caswell, Nigel Houghton
No rule groups