# Generator template: skeleton of a Sigma rule that flags network
# connections to IP addresses or host names taken from proof-of-concept
# exploit code. Everything under template_content is plain text to the YAML
# parser; the double-brace placeholders are filled in by the rule generator,
# whose substitution logic is not part of this file.
template_name: "Network Connection Detection"
description: "Detects suspicious network connections based on PoC exploit indicators"
# Keywords that make this template applicable; presumably compared with the
# affected product of the CVE being processed - TODO confirm in the loader.
# NOTE(review): the rule body is fixed to Windows network_connection
# telemetry, so a match on "web", "http" or "https" still yields an endpoint
# rule and not a web-server or proxy log rule - confirm that is intended.
applicable_product_patterns:
  - "network"
  - "web"
  - "http"
  - "https"
  - "tcp"
  - "udp"
# Notes on the rule text below (kept here because a comment placed inside
# the block scalar would become part of every generated rule):
# - Placeholders are unquoted. A substituted value containing ": ", " #",
#   a line break or a leading YAML indicator changes the structure of the
#   generated rule. The indicators come from PoC content, so the generator
#   should serialise each value as YAML and not paste raw text - TODO
#   confirm.
# - REFERENCES, TAGS, NETWORK and URLS sit where Sigma accepts a list;
#   presumably the generator emits a flow or block sequence there - verify.
# - "selection" requires Initiated to be true together with a
#   DestinationIp match; "selection_url" is a substring match on
#   DestinationHostname. The condition fires when either one matches.
# - NOTE(review): Initiated is written as a YAML boolean. Published Sigma
#   rules for this log source usually quote it as a string; check how the
#   target backends render it.
# - NOTE(review): if URLS expands to full URLs (scheme, path, query), a
#   "contains" match against a host-name field will not hit. Reduce each
#   URL to its host part before substitution.
# - NOTE(review): if no IP or host indicator was extracted, the matching
#   selection is left with an empty value. Because the two selections are
#   OR-ed, the generator should drop the empty selection or skip the rule
#   and not emit a rule with a blank match - TODO confirm.
# - status is fixed to "experimental" and the false-positive list is
#   generic; rules produced from this template need analyst review before
#   they are used for alerting.
template_content: |
  title: {{TITLE}}
  id: {{RULE_ID}}
  status: experimental
  description: {{DESCRIPTION}}
  author: CVE-SIGMA Auto Generator
  date: {{DATE}}
  references: {{REFERENCES}}
  tags: {{TAGS}}
  logsource:
    category: network_connection
    product: windows
  detection:
    selection:
      Initiated: true
      DestinationIp: {{NETWORK}}
    selection_url:
      DestinationHostname|contains: {{URLS}}
    condition: selection or selection_url
  falsepositives:
    - Legitimate network connections
    - Software updates
  level: {{LEVEL}}