The TCP packet is missing the acknowledgment flag for an established session.
What To Look For
This rule looks for TCP sessions that do not initialize a three-way handshake properly.
No public information
No known false positives
Cisco Talos Intelligence Group