SCADAFence
The SCADAfence platform extends visibility into IT and OT networks. This collection of detection rules works with the InsightIDR SCADAFence integration.
SCADAFence - Admin Weak Authentication
Description
This detection identifies an administrator authenticating to a system with a weak password.
Recommendation
Ensure that strong passwords are being used, especially for administrative accounts, and adhere to defined password policies requirements for both length and complexity.
SCADAFence - Analysis And Correlation Service Is Not Functioning Properly
Description
This detection identifies that the analysis and correlation service is not functioning properly.
Recommendation
Verify the system is operating correctly.
SCADAFence - An Asset Reconnected To CC-link IE Network
Description
This detection identifies an asset reconnecting to a CC-link IE network.
Recommendation
Verify that this activity was authorized.
SCADAFence - Anomalous Ethernet Behavior
Description
This detection identifies when a host attempts to connect to several unknown 'mac' addresses.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Anomalous TCP Behavior
Description
This detection identifies hosts attempting to connect to unknown TCP endpoints.
Recommendation
Verify that this activity is authorized.
SCADAFence - Anomalous UDP Behavior
Description
This detection identifies hosts attempting to connect to unknown UDP endpoints.
Recommendation
Verify that this activity is authorized.
SCADAFence - API
Description
This detection identifies use of API that is user defined.
Recommendation
Verify that this behavior is authorized.
SCADAFence - ARP Man In The Middle Attack
Description
This detection identifies ARP based man-in-the-middle attacks.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Asset Changed OS Type Or Version
Description
This detection identifies when a host has changed operating system version or type.
Recommendation
Verify that this change was authorized.
SCADAFence - Bacnet Device Communication-Start Request Detected
Description
This detection identifies bacnet communication start requests being performed.
Recommendation
Verify that this activity was authorized.
SCADAFence - Bacnet Device Communication-Stop Request Detected
Description
This detection identifies bacnet service communication stop requests being performed.
Recommendation
Verify that this activity was authorized.
SCADAFence - Bacnet Device Reinitialize-Service Request Detected
Description
This detection identifies bacnet service reinitialize requests being performed.
Recommendation
Verify that this activity was authorized.
SCADAFence - Brute Force Auditing Tool Detected THC-Hydra
Description
This detection identifies the presence of the brute forcing tool known as Hydra from The Hackers Choice (THC).
Recommendation
Verify that this activity was authorized.
SCADAFence - Brute Force Tool Detected Medusa
Description
This detection identifies the presence of the Medusa brute forcing tool.
Recommendation
Verify that this activity was authorized.
SCADAFence - Call-home Functionality Enabled On IoT Device
Description
This detection identifies a host is calling home.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Camera Configuration Change Detected
Description
This detection identifies commands to reconfigure a camera being executed.
Recommendation
Verify that this activity was authorized.
SCADAFence - CIP Configuration Change Detected
Description
This detection identifies when a CIP configuration change request has been sent to a device.
Recommendation
Verify that this activity was authorized.
SCADAFence - Default Credentials
Description
This detection identifies the use of default credentials being used in an attempt to authenticate to a system.
Recommendation
Verify that this activity was authorized and not the result of a malicious attacker attempting to gain access to the system.
SCADAFence - Default FTP Password
Description
This detection identifies the use of anonymous access to the file transfer protocol 'ftp' service.
Recommendation
Verify that the server is authorized to allow anonymous access to this service.
SCADAFence - Default SNMP Password For Read Access
Description
This detection identifies the use of a default password when authenticating to a service.
Recommendation
Verify that use of default passwords is authorized. If not, change the password to be longer and more complex to protect against password guessing attacks.
SCADAFence - Default SNMP Password For Write Access
Description
This detection identifies the use of a default password when authenticating to a service.
Recommendation
Verify that use of weak passwords is authorized. If not, change the password to be longer and more complex to protect against password guessing attacks.
SCADAFence - Device Configuration Change Detected
Description
This detection identifies device configurations being changed.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Device Firmware Update Detected
Description
This detection identifies firmware being upgraded on a device.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Device Is No Longer Supported
Description
This detection identifies systems that are no longer supported and cannot effectively be managed.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Device Not Initialized
Description
This detection identifies that a device is not initialized.
Recommendation
Verify that this behavior is expected.
SCADAFence - Device With No Authentication Was Identified
Description
This detection identifies devices with services configured that require no authentication in order to access.
Recommendation
Verify that this configuration is authorized.
SCADAFence - DHCP Discovery
Description
This detection identifies when a system requests a DHCP discovery.
Recommendation
Verify that the host and its configuration are authorized to be on the network and using DHCP.
SCADAFence - DHCP Request For IP
Description
This detection identifies requests for an address using DHCP.
Recommendation
Verify that the host and its configuration are authorized to be on the network and using DHCP.
SCADAFence - Directory Traversal Attempt Detected
Description
This detection identifies attempts to perform web directory traversal.
Recommendation
Verify that this activity was authorized.
SCADAFence - Domain Reputation Alert
Description
This detection identifies attempts to resolve malicious domains.
Recommendation
Review the the alert in question and determine why the domain was attempted to be resolved.
SCADAFence - Duplicate MAC Detected
Description
This detection identifies duplicate media access control 'mac' addresses.
Recommendation
Verify that this is a misconfiguration and not the result of ARP poisoning by a malicious actor.
SCADAFence - Email Distribution Service Is Not Functioning Properly
Description
This detection identifies that the email distribution service is not functioning.
Recommendation
Verify that the email system is operating.
SCADAFence - Excessive ARP Resolution
Description
This detection identifies when a host attempts to resolve to several unknown IP addresses.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Excessive DNS Queries
Description
This detection identifies when a host attempts to resolve to several domain names.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Excessive DNS Servers Queried
Description
This detection identifies when a host attempts to connect to resolve against several DNS servers.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Excessive New IP Connections
Description
This detection identifies when a host opened up an excessive number of connections to other hosts.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Failed Login Attempt
Description
This detection identifies a failed login attempt.
Recommendation
Verify that the failed login attempt was accidental by the user and not an attempt by a malicious actor.
SCADAFence - Foreign Host By IPs Resolution
Description
This detection identifies when a new host is present on the network and begins attempting to resolving several unknown hosts.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Foreign Host By Unknown IPs
Description
This detection identifies when a new host is present on the network and begins connecting to several hosts.
Recommendation
Verify that this activity is authorized.
SCADAFence - Foreign Host By Unknown MAC's
Description
This detection identifies when a new host is present on the network and begins connecting to several hosts.
Recommendation
Verify that this activity is authorized.
SCADAFence - Group To Group Communication
Description
This detection identifies network connections between different group names.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Heartbleed Exploitation Attempt Detected
Description
This detection identifies an attempt to exploit the vulnerability in OpenSSL known as Heartbleed (cve-2014-0160).
Recommendation
Verify that this activity was authorized.
SCADAFence - Heartbleed Successful Exploitation Detected
Description
This detection identifies the successful exploitation of the vulnerability in OpenSSL known as Heartbleed (cve-2014-0160).
Recommendation
Verify that this activity was authorized.
SCADAFence - Hostname Changed
Description
This detection identifies the change in hostname.
Recommendation
Verify that this change in hostname is authorized.
SCADAFence - Hostname Conflict Detected
Description
This detection identifies duplicate hostnames.
Recommendation
Verify that this is a misconfiguration and not a result of a malicious actor.
SCADAFence - ICS Failed Login Attempt
Description
This detection identifies failed login attempts to ICS.
Recommendation
Verify that this activity was authorized.
SCADAFence - Industrial Device Firmware Updated Command Issued
Description
This detection identifies that a device firmware update command was issued.
Recommendation
Verify that this activity was authorized.
SCADAFence - Industrial Parameter Value Out Of Range
Description
This detection identifies when a value is out of the parameters range.
Recommendation
Verify that this configuration is correct.
SCADAFence - Industrial Protocol DPI Alert
Description
This detection identifies ICS traffic triggering a DPI rule.
Recommendation
Verify that this activity was authorized.
SCADAFence - Invalid DHCP IP Offer Potential Denial Of Service Attempt
Description
This detection identifies invalid DHCP offers being given on the network.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Invalid RARP IP Offer Possible Denial Of Service Attempt
Description
This detection identifies invalid RARP offers being given on the network.
Recommendation
Verify that this behavior is authorized.
SCADAFence - IP Conflict Detected
Description
This detection identifies the same IP address being associated with two different media access control or 'mac' addresses.
Recommendation
Verify that this is a misconfiguration and not the result of malicious actor behavior.
SCADAFence - IP Reputation Alert
Description
This detection identifies attempts to connect to malicious IP addresses.
Recommendation
Review the the alert in question and determine why the IP address was attempted to be connected to.
SCADAFence - KNX Memory Write Command Issued
Description
This detection identifies when a KNX memory write command has been issued.
Recommendation
Verify that this activity was authorized.
SCADAFence - KNX Restart Command Issued
Description
This detection identifies when a KNX restart command has been issued.
Recommendation
Verify that this activity was authorized.
SCADAFence - Limewire P2P File Sharing App Detected
Description
This detection identifies the presence of peer-to-peer protocols associated with Limewire.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Link Idle or Down
Description
This detection identifies when the system is experiencing a down or idle network interface.
Recommendation
Verify that the system is able to effectively monitor the network traffic.
SCADAFence - Location Is Not Responding
Description
This detection identifies that a location is not responding.
Recommendation
Verify the location is up and operational.
SCADAFence - MAC Changed
Description
This detection identifies the change of a media access control or 'mac' address.
Recommendation
Verify that the network card for this host has changed and that this observed behavior was not the result of ARP poisoning or other malicious attacker behavior.
SCADAFence - Missing Device
Description
This detection identifies when a host has not be observed on the network for a period of time.
Recommendation
Verify that this host is functioning as expected and is able to be monitored by the system.
SCADAFence - Multihomed Host Detected
Description
This detection identifies a host that has multiple network addresses.
Recommendation
Verify that this host is not unintentionally bridging networks that should be segmented.
SCADAFence - Multi-Site Communication Service Is Not Functioning Properly
Description
This detection identifies when the multi-site communication service is not functioning properly.
Recommendation
Verify that the service is functioning properly.
SCADAFence - Net Group Query For Administrative Group
Description
This detection identifies querying for administrative groups using 'net.exe'.
Recommendation
Verify that this activity was authorized.
SCADAFence - Network Scanner Tool Detected
Description
This detection identifies the presence of a network scanning tool.
Recommendation
Verify that this activity was authorized.
SCADAFence - Network Scanner Was Detected
Description
This detection identifies network scanning activity.
Recommendation
Verify that this behavior is authorized.
SCADAFence - New Asset Connected To CC-Link IE Network
Description
This detection identifies new assets being connected to CC-link IE networks.
Recommendation
Verify that this activity was authorized.
SCADAFence - New Connection To Industrial Device
Description
This detection identifies never before observed connections to industrial devices.
Recommendation
Verify that this behavior is authorized.
SCADAFence - New Host Detected
Description
This detection identifies that a new host is present.
Recommendation
Verify that the newly detected host should be present on the network.
SCADAFence - New ICS Command
Description
This detection identifies that a new ICS command has been executed.
Recommendation
Verify that source address executing the command was authorized.
SCADAFence - New IP Connect
Description
This detection identifies a new source address connecting.
Recommendation
Verify that this source address is authorized to connect to this service.
SCADAFence - New Management Connection To Camera
Description
This detection identifies management connections to cameras.
Recommendation
Verify that this activity was authorized.
SCADAFence - New Port
Description
This detection identifies that a new port was connected to that had not been observed before.
Recommendation
Verify that this connection was authorized and not the result of malicious actor activity.
SCADAFence - No Reply
Description
This detection identifies when a host attempts to connect to another address and receives no reply.
Recommendation
Verify that this behavior is authorized.
SCADAFence - OCP-UA User Read Operation Access Denied
Description
This detection identifies when an OCP-UA user does not have the required access to perform the requested read operation.
Recommendation
Verify that this activity was authorized.
SCADAFence - OPC-UA User Write Operation Access Denied
Description
This detection identifies when an OCP-UA user does not have the required access to perform the requested write operation.
Recommendation
Verify that this activity was authorized.
SCADAFence - OT To Internet Unauthorized Outbound Connection
Description
This detection identifies unauthorized connections from operation technology systems to public Internet.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Packet Drop
Description
This detection identifies when the system is experiencing an excessive amount of dropped packets.
Recommendation
Verify that the system is able to effectively monitor the amount of network traffic.
SCADAFence - Packet Flood Denial Of Service
Description
This detection identifies excessive amount of packets being sent from one host to another.
Recommendation
Verify that the network traffic being generated is authorized.
SCADAFence - Packet Processing Service Is Not Functioning Properly
Description
This detection identifies that the packet processing service may not be analyzing network traffic.
Recommendation
Verify that the network is actively being monitored by the system.
SCADAFence - Password Brute Force Attack
Description
This detection identifies potential brute force attacks.
Recommendation
Verify that this activity was authorized and not the result of a malicious attacker.
SCADAFence - Persirai Botnet Infection Detected
Description
This detection identifies a host that is infected with Persirai botnet.
Recommendation
Verify if this host is infected and rebuild from known good source as necessary.
SCADAFence - Plaintext Authentication
Description
This detection identifies that an unencrypted authentication has occurred.
Recommendation
Verify that the associated service is authorized to provide unencrypted methods of authentication.
SCADAFence - PLC Firmware Update Command Issued
Description
This detection identifies PLC firmware update commands being issued.
Recommendation
Verify that this activity was authorized.
SCADAFence - PLC Memory Reset Command Issued
Description
This detection identifies PLC memory reset commands being issued.
Recommendation
Verify that this activity was authorized.
SCADAFence - PLC Remote Programming Mode Command Issued
Description
This detection identifies PLC remote programming mode commands being issued.
Recommendation
Verify that this activity was authorized.
SCADAFence - PLC Remote Run Mode Command Issued
Description
This detection identifies PLC remote run mod commands being issued.
Recommendation
Verify that this activity was authorized.
SCADAFence - PLC Remote Test Mode Command Issued
Description
This detection identifies PLC remote test mode commands being issued.
Recommendation
Verify that this activity was authorized.
SCADAFence - PLC Restart Command Issued
Description
This detection identifies PLC restart commands being issued.
Recommendation
Verify that this activity was authorized.
SCADAFence - PLC Start Command Issued
Description
This detection identifies the execution of a PLC start command.
Recommendation
Verify that this activity was authorized.
SCADAFence - PLC Start Detected
Description
This detection identifies when a PLC start has been sent.
Recommendation
Verify that this activity was authorized.
SCADAFence - PLC Stop Command Issued
Description
This detection identifies the execution of a PLC stop command.
Recommendation
Verify that this activity was authorized.
SCADAFence - PLC Stop Detected
Description
This detection identifies when a PLC stop has been sent.
Recommendation
Verify that this activity was authorized.
SCADAFence - PLC Time Change Request Detected
Description
This detection identifies a time change command being executed.
Recommendation
Verify that this activity was authorized.
SCADAFence - Possible BlackEnergy Malware Infection
Description
This detection identifies BlackEnergy trojan communications.
Recommendation
Verify that the system is not infected with the BlackEnergy trojan.
SCADAFence - Possible BlueKeep RDP Exploitation Attempt Detected
Description
This detection identifies the attempted use of an RDP exploit known as Eternal Blue.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Possible Havex Malware Infection
Description
This detection identifies Havex trojan communications.
Recommendation
Verify that the system is not infected with the Havex trojan.
SCADAFence - Possible Industroyer Malware Infection
Description
This detection identifies Industroyer trojan communications.
Recommendation
Verify that the system is not infected with the Industroyer trojan.
SCADAFence - Possible IRC Bot Trojan Infection
Description
This detection identifies IRC bot trojan communications.
Recommendation
Verify that the system is not infected with an IRC bot trojan.
SCADAFence - Possible Linux/AED.DDoS Malware Infection
Description
This detection identifies AED trojan communications.
Recommendation
Verify that the system is not infected with the AED trojan.
SCADAFence - Possible PCRat/Gh0st Malware Trojan Infection
Description
This detection identifies PCRat/Gh0st trojan communications.
Recommendation
Verify that the system is not infected with PCRat/Gh0st trojan.
SCADAFence - Possible Snake Malware Infection
Description
This detection identifies Snake trojan communications.
Recommendation
Verify that the system is not infected with the Snake trojan.
SCADAFence - Possible Trisis Malware Infection
Description
This detection identifies Trisis trojan communications.
Recommendation
Verify that the system is not infected with the Trisis trojan.
SCADAFence - Possible WannaCry Malware Infection
Description
This detection identifies the download of WannaCry malware.
Recommendation
Verify that the system is not infected with WannaCry malware.
SCADAFence - Possible WannaCry Malware Traffic
Description
This detection identifies WannaCry malware communications.
Recommendation
Verify that the system is not infected with WannaCry malware.
SCADAFence - Possible ZeuS Malware Infection
Description
This detection identifies ZeuS trojan communications.
Recommendation
Verify that the system is not infected with ZeuS trojan.
SCADAFence - Programming Read Command Detected
Description
This detection identifies a programming read command being executed.
Recommendation
Verify that this activity was authorized.
SCADAFence - Programming Write Command Detected
Description
This detection identifies a write sequence to a PLC.
Recommendation
Verify that this activity was authorized.
SCADAFence - PsExec Tool Detected
Description
This detection identifies the use of PsExec.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Remote Command Execution Attempt Detected
Description
This detection identifies attempted remote command execution delivered over HTTP.
Recommendation
Verify that this activity was authorized.
SCADAFence - Remote Windows Command Shell Detected
Description
This detection identifies when a system has remotely opened a Windows command shell.
Recommendation
Verify that this activity was authorized.
SCADAFence - Ripple20 CVE-2020-11896 Exploitation Attempt Detected
Description
This detection identifies the attempted use of Ripple20 exploits against the Treck IP stack.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Ripple20 CVE-2020-11898 Exploitation Attempt Detected
Description
This detection identifies the attempted use of Ripple20 exploits against the Treck IP stack.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Same MAC Was Detected In More Than One VLAN
Description
This detection identifies that the same MAC address was detection on more than one VLAN with an hour.
Recommendation
Verify that this activity was authorized.
SCADAFence - SCADA Systems Signature Detected
Description
This detection identifies if a SCADA systems signature has been detected.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Scheduled Task Creation Attempt
Description
This detection identifies the attempted creation of scheduled tasks.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Scheduled Task Remote Process Execution
Description
This detection identifies the attempt to create a remote scheduled task.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Signature Engine Service Is Not Functioning Properly
Description
This detection identifies when the signature engine service is not functioning.
Recommendation
Verify the service is functioning.
SCADAFence - SMB Exploitation Attempt MS08-67
Description
This detection identifies the attempted use of an SMB exploit referenced in Microsoft's security bulletin MS08-67.
Recommendation
Verify that this behavior is authorized.
SCADAFence - SMB Exploitation Attempt MS17-10 Eternal Blue
Description
This detection identifies the attempted use of an SMB exploit referenced in Microsoft's security bulletin MS17-10 and is also known as Eternal Blue.
Recommendation
Verify that this behavior is authorized.
SCADAFence - SMB Exploitation Attempt MS17-10 EternalRomance
Description
This detection identifies the attempted use of an SMB exploit referenced in Microsoft's security bulletin MS17-10 and is also known as Eternal Romance.
Recommendation
Verify that this behavior is authorized.
SCADAFence - SMBv3 CVE-2020-0796 Exploitation Attempt Detected
Description
This detection identifies the attempted use of an SMB exploit referenced in CVE-2020-0796.
Recommendation
Verify that this behavior is authorized.
SCADAFence - SSRR/LSRR Exploitation Attempt
Description
This detection identifies that an exploit attempt was sent over IP using strict source or loose source record routes.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Successful Login Attempt
Description
This detection identifies a successful login attempt.
Recommendation
Verify that the login is expected.
SCADAFence - Suspicious Write Command To PLC
Description
This detection identifies that a suspicious write command was sent to the PLC.
Recommendation
Verify that this command was authorized and not a result of malicious actor activity.
SCADAFence - TCP Options MSS Denial Of Service Attempt
Description
This detection identifies that an exploit attempt was sent over TCP using the maximum segment size.
Recommendation
Verify that this behavior is authorized.
SCADAFence - TCP Urgent Exploitation Attempt
Description
This detection identifies that an exploit attempt was sent over TCP.
Recommendation
Verify that this behavior is authorized.
SCADAFence - TeamViewer Inbound Connection Established
Description
This detection identifies inbound TeamViewer connections being established.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Trickbot Trojan Communication Detected
Description
This detection identifies Trickbot trojan communications.
Recommendation
Verify that the system is not infected with the Trickbot trojan.
SCADAFence - Unauthorized Inbound Connection
Description
This detection identifies unauthorized connections to internal systems.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Unauthorized Inbound Connection To OT Network
Description
This detection identifies unauthorized connections to operational technology systems.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Unauthorized Outbound Connection
Description
This detection identifies unauthorized connections to external systems.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Unauthorized Outbound Connection
Description
This detection identifies when a host attempts to connect to external IP addresses.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Uncommon Configuration Was Detected On An IoT Device
Description
This detection identifies uncommon configurations of devices.
Recommendation
Verify that this configuration is authorized.
SCADAFence - Unknown IPs
Description
This detection identifies when a host attempts to connect to several unknown IP addresses.
Recommendation
Verify that this behavior is authorized.
SCADAFence - Use Of Deprecated Protocol SMBv1
Description
This detection identifies the use of the deprecated protocol SMBv1.
Recommendation
Verify that this behavior is authorized.
SCADAFence - User Defined Alert
Description
This detection identifies user defined alerts.
Recommendation
Review the alert in question.
SCADAFence - User Weak Authentication
Description
This detection identifies the use of a weak password when authenticating to a service.
Recommendation
Verify that use of weak passwords is authorized. If not, change the password to be longer and more complex to protect against password guessing attacks.
SCADAFence - Vulnerability Assessment Tool Detected Nessus
Description
This detection identifies the presence of the web vulnerability assessment tool known as Nessus.
Recommendation
Verify that this activity was authorized.
SCADAFence - Vulnerable Device Configuration Detected
Description
This detection identifies a vulnerable configuration of a device.
Recommendation
Verify that this configuration is authorized.
SCADAFence - Web Vulnerability Assessment Tool Detected Burpsuite
Description
This detection identifies the presence of the web vulnerability assessment tool known as Burpsuite.
Recommendation
Verify that this activity was authorized.
SCADAFence - Web Vulnerability Assessment Tool Detected Nikto
Description
This detection identifies the presence of the Nikto web vulnerability assessment tool.
Recommendation
Verify that this activity was authorized.
SCADAFence - WMI Possible Remote Process Execution
Description
This detection identifies a possible attempt to perform remote process execution through Windows Management Instrumentation.
Recommendation
Verify that this activity was authorized.
SCADAFence - WMI Remote Process Execution
Description
This detection identifies an attempt to perform remote process execution through Windows Management Instrumentation. Verify that this activity was authorized.
Recommendation
Verify that this activity was authorized.
SCADAFence - ZeroAccess Trojan Communication Detected
Description
This detection identifies ZeroAccess trojan communications.
Recommendation
Verify that the system is not infected with the ZeroAccess trojan.