POLICY-SOCIAL -- Snort has detected a violation of the corporate policy. Similar to an IOC, this activity may not be directly malicious, but could be a symptom of compromise, or of a misuse of the network. Examples are cryptocurrency mining and trade (Bitcoin, et al.). The ISP won’t block these, but corporate policies likely prohibit them. In this case, Snort has detected a violation of social media policy. Some companies choose to disallow some or all social media, or to only allow in-network social sharing. This can prevent simple productivity loss or serious NDA breaches (sharing of files from the internal network, etc.).
POLICY-SOCIAL IRC G-line active
This event is generated when network traffic indicates that POLICY-SOCIAL IRC G-line active is being used.
Impact: Possible policy violation. The use of POLICY-SOCIAL IRC G-line active may be prohibited by corporate policy in some network environments.
Details: This event indicates that POLICY-SOCIAL IRC G-line active is being used on the protected network.
Ease of Attack: Simple.
No information provided
No public information
No known false positives
Cisco Talos
No rule groups
None
No information provided
None