Zscaler Adware Activities Threat Blocked

Splunk Security Content

Summary
The Zscaler Adware Activities Threat Blocked analytic identifies blocked adware-related activity in web proxy logs. It examines key fields such as device owner, user, URL category, destination URL, and source IP to surface actions that Zscaler blocked because they were linked to adware. Adware poses risks such as degraded system performance and exposure to additional malicious content. The analytic runs a Splunk query over Zscaler proxy logs so that matching activity is flagged for analyst review. Users are advised to deploy it together with the Zscaler Add-on for Splunk and to adjust the detection parameters for their own environment. False positives depend mainly on how Zscaler policy is configured, so security teams should keep that configuration in mind when monitoring the results.
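As an added example (not the Splunk Security Content search itself), the following Python reproduces the detection logic described above over a few constructed Zscaler-style key=value proxy log lines: keep only events whose action is blocked and whose URL category or threat name refers to adware, then aggregate by device owner, user, URL category, destination URL and source IP. The field names (`action`, `urlcat`, `threatname`, `url`, `src_ip`, `user`, `deviceowner`, `time`) and the "adware" substring match are assumptions chosen to mirror the fields the summary names, not a verified Zscaler schema.

```python
"""Blocked-adware detection over constructed Zscaler-style proxy logs.

Added example, not the Splunk detection's own SPL. Field names are an
assumed key=value layout, and the log lines below are constructed.
"""
import shlex

# Constructed sample events (not real traffic). Two repeated blocks for
# alice, one allowed adware hit for bob (must be ignored), one blocked
# non-adware threat for dan (must be ignored), one adware block for carol
# that is only recognisable by threat name, and one malformed line.
SAMPLE_LOGS = [
    'time=2024-11-15T10:00:01Z action=blocked urlcat="Adware/Spyware Sites" threatname="Adware.Generic" url=http://ads.example.invalid/track src_ip=10.1.2.3 user=alice@corp.example deviceowner=alice',
    'time=2024-11-15T10:00:07Z action=blocked urlcat="Adware/Spyware Sites" threatname="Adware.Generic" url=http://ads.example.invalid/track src_ip=10.1.2.3 user=alice@corp.example deviceowner=alice',
    'time=2024-11-15T10:01:12Z action=allowed urlcat="Adware/Spyware Sites" threatname="None" url=http://ads.example.invalid/pixel src_ip=10.1.2.4 user=bob@corp.example deviceowner=bob',
    'time=2024-11-15T10:02:30Z action=blocked urlcat="Malicious Content" threatname="Win32.Trojan.Sample" url=http://bad.example.invalid/x src_ip=10.1.2.5 user=dan@corp.example deviceowner=dan',
    'time=2024-11-15T10:03:45Z action=blocked urlcat="Business" threatname="Adware.Toolbar.Sample" url=http://toolbar.example.invalid/dl src_ip=10.1.2.9 user=carol@corp.example deviceowner=carol',
    'this line is not key=value formatted and should be skipped',
]

# Grouping fields named in the analytic summary (assumed key spellings).
FIELDS = ("deviceowner", "user", "urlcat", "url", "src_ip")


def parse_kv(line):
    """Parse one key=value line (quoted values allowed); None if malformed."""
    try:
        tokens = shlex.split(line)
    except ValueError:
        return None
    event = {}
    for tok in tokens:
        if "=" not in tok:
            return None
        key, _, value = tok.partition("=")
        event[key] = value
    return event


def is_adware_block(event):
    """True only for blocked actions tagged as adware by category or threat name."""
    if event.get("action", "").lower() != "blocked":
        return False
    haystack = (event.get("urlcat", "") + " " + event.get("threatname", "")).lower()
    return "adware" in haystack


def detect(lines):
    """Aggregate blocked adware events by the analytic's grouping fields.

    Returns one row per (deviceowner, user, urlcat, url, src_ip) with a
    hit count, first/last seen time and the set of threat names observed,
    sorted by descending count so the noisiest source is reviewed first.
    """
    groups = {}
    for line in lines:
        event = parse_kv(line)
        if event is None or not is_adware_block(event):
            continue
        key = tuple(event.get(f, "unknown") for f in FIELDS)
        g = groups.setdefault(
            key,
            {"count": 0, "first_seen": event.get("time"),
             "last_seen": event.get("time"), "threatnames": set()},
        )
        g["count"] += 1
        g["last_seen"] = event.get("time")
        g["threatnames"].add(event.get("threatname", ""))

    rows = []
    for key, g in groups.items():
        row = dict(zip(FIELDS, key))
        row.update(count=g["count"], first_seen=g["first_seen"],
                   last_seen=g["last_seen"], threatnames=sorted(g["threatnames"]))
        rows.append(row)
    return sorted(rows, key=lambda r: (-r["count"], r["user"]))


if __name__ == "__main__":
    for row in detect(SAMPLE_LOGS):
        print(row)
```

The `allowed` adware hit for bob is deliberately excluded: the analytic is about actions Zscaler already blocked, so an allowed hit is a policy question rather than a detection. Because the match relies on Zscaler's own category and threat labels, tuning (for example allow-listing an internal URL that a policy mislabels) belongs at the category or URL level rather than on the match itself.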
Categories
  • Web
Data Sources
  • Web Credential
  • Network Traffic
ATT&CK Techniques
  • T1566
Created: 2024-11-15