Detect Use of Internationalized Domain Names in HTTP an DNS
This rule scans HTTP and DNS traffic looking for use of International domain names which can contain UTF-16 encoded characters that look like normal letters. This use of IDNs makes it difficult to visually notice that the domain name is not a desired domain.
Detect Potential Phishing
This rule detects email phishing attempts by matching the sender email, the email domain, and the reply-to domain.