Hi there, Is anyone aware if any rule available to detect or block DNScat tool? Can someone please point me? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180312/9f0677bc/attachment-0002.html>