Detection Rules

Auto-generated rules categorized by detection scope

Total

Active

🖥️System

📄File

🌐Network

Auto-Gen

Total Hits

558

🖥️

Reconnaissance: Active Network Scanning

active

medium

127 hits

Detects active network scanning patterns observed in honeypot targeting smart home devices

T1595 T1595.001

auto

#reconnaissance#network-scan+1

🖥️

Exploitation: Command Injection via IoT Protocol

active

critical

89 hits

Detects command injection attempts through CoAP/MQTT payloads

T1190 T1059.004

auto

#exploitation#command-injection+1

📄

Malware: Mirai Variant Detection

active

critical

34 hits

YARA rule for detecting Mirai botnet variant payloads

T1059.004 T1570

auto

#malware#mirai+2

🌐

Lateral Movement: Internal Network Probe

active

high

56 hits

Detects lateral movement attempts from compromised IoT devices

T1570 T1087

auto

#lateral-movement#network+1

🖥️

Credential Theft: Default Password Attempt

draft

high

0 hits

Detects attempts to authenticate with known default IoT credentials

T1078 T1110

auto

#credential-theft#default-creds+1

🖥️

Discovery: Account Enumeration

disabled

low

234 hits

Detects account enumeration attempts via API endpoints

T1087

auto

#discovery#enumeration+1

🌐

C2: Beaconing Activity Detection

active

high

18 hits

Zeek script for detecting periodic C2 beaconing patterns

T1071 T1573

auto

#c2#beaconing+1