splApache-2.0from splunk/security_content

Zscaler CryptoMiner Downloaded Threat Blocked

The following analytic identifies attempts to download cryptomining software that are blocked by Zscaler. It leverages web proxy logs to detect blocked actions associated with cryptominer threats, analyzing key data points such as device owner, user, URL category, destination URL, and IP. This activity is significant for a SOC as it helps in early identification and mitigation of cryptomining activities, which can compromise network integrity and resource availability. If confirmed malicious, this activity could lead to unauthorized use of network resources for cryptomining, potentially degrading system performance and increasing operational costs.

Quality

FP risk

—

Forks

Views

Rule source🔒 locked

title: ████████████████████████
id: ████████-████-████-████-████████████
status: ██████████
description: ██████████████████████████████████████████
             ████████████████████████████████████████
author: ████████
tags:
  - attack.████
  - attack.████
logsource:
  product: ████████
  category: ████████████
detection:
  selection:
    Image|endswith: '████████████████'
    CommandLine|contains:
      - '████████████████████████'
      - '████████████████████████'
      - '██████████████████'
  condition: selection
level: ████████
falsepositives:
  - ████████████████████

🔒

Sign in to view the rule source

Free accounts can view the source for the top-ranked rules. Create one in seconds — no credit card required.