FireEye's Sunburst Countermeasures
Open-source detection rules for identifying SolarWinds SunBurst backdoor activities and related vulnerabilities across multiple security tools.
What is FireEye's Sunburst Countermeasures?
FireEye SunBurst Countermeasures is a collection of open-source detection rules and indicators of compromise (IoCs) for identifying malicious activities associated with the SolarWinds SunBurst supply chain attack. It provides security teams with ready-to-use signatures across multiple security tool formats to detect backdoored SolarWinds Orion NMS activities and related vulnerabilities in their environments.
Security operations teams, threat hunters, and incident responders who need to detect and investigate SolarWinds SunBurst compromise activities in their networks using existing security tools.
This project offers freely available, professionally developed detection rules from FireEye Mandiant that can be immediately deployed across multiple security platforms, providing organizations with enterprise-grade threat detection capabilities without commercial licensing requirements.
Overview
This repository provides a collection of detection rules and indicators of compromise (IoCs) for identifying malicious activities associated with the SolarWinds SunBurst supply chain attack. These rules help security teams detect backdoored SolarWinds Orion NMS activities and related vulnerabilities in their environments.
Key Features
- Multi-language Rules — Detection logic available in Snort, Yara, IOC, and ClamAV formats for integration with various security tools
- Production & Supplemental Rules — Categorized rules with production-ready signatures and supplemental rules for threat hunting workflows
- Community-Driven Updates — Regularly updated repository with the latest detection capabilities for evolving threats
- Threat-Specific Detection — Focused rules for UNC2452/SolarWinds compromise activities while noting distinctions for COSMICGALE and SUPERNOVA threats
Philosophy
These rules are provided freely to the community to enhance collective defense against sophisticated supply chain attacks, with clear categorization to help security teams balance detection accuracy and operational efficiency.
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
