template_name: "Network Connection Detection"
description: "Detects suspicious network connections based on PoC exploit indicators"
applicable_product_patterns:
  - "network"
  - "web"
  - "http"
  - "https"
  - "tcp"
  - "udp"
template_content: |
  title: {{TITLE}}
  id: {{RULE_ID}}
  status: experimental
  description: {{DESCRIPTION}}
  author: CVE-SIGMA Auto Generator
  date: {{DATE}}
  references:
  {{REFERENCES}}
  tags:
  {{TAGS}}
  logsource:
      category: network_connection
      product: windows
  detection:
      selection:
          Initiated: true
          DestinationIp:
  {{NETWORK}}
      selection_url:
          DestinationHostname|contains:
  {{URLS}}
      condition: selection or selection_url
  falsepositives:
      - Legitimate network connections
      - Software updates
  level: {{LEVEL}}