The Suricata rules presented here are based on the blog post Detection of Command and Control Traffic Using Suricata | cyber.wtf, which walks through detecting C2 traffic with Suricata.
Note:
- Not all rules necessarily relate to C2 traffic.
- Rules may need to be adjusted to fit your own infrastructure.
- Tested with Suricata 7.
Feel free to contribute rules that help detect known malicious parameters with Suricata.