SID 1:37732

Report a false positive

Rule Category

POLICY-OTHER --

Alert Message

POLICY-OTHER eicar test string download attempt

Rule Explanation

Impact: Possible policy violation. The use of POLICY-OTHER eicar test string download attempt may be prohibited by corporate policy in some network environments. Details: This event indicates that the POLICY-OTHER eicar test string download attempt is being used on the protected network. Ease of Attack: Simple.

What To Look For

This event is generated when network traffic that indicates POLICY-OTHER eicar test string download attempt is being used.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos

Rule Groups

No rule groups

CVE

None

Additional Links

www.eicar.org/86-0-Intended-use.html

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None

MITRE ATT&CK Framework

Tactic: Discovery

Technique: Application Window Discovery

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org