(spp_sip) Maximum dialogs within a session reached

The rule is designed to trigger an alert when it detects a SIP event where the maximum number of allowed dialogs within a session is exceeded. In SIP, a dialog represents a peer-to-peer communication relationship between two user agents (e.g., phones, softphones, etc.). A session can include multiple dialogs for different communication exchanges.

Categories:

Cyber Attack
Preprocessor

ID Number

0000027

Signature

alert ( msg: "SIP_EVENT_MAX_DIALOGS_IN_A_SESSION"; sid: 27; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )

MITRE ATT&CK Technique

Severity

Low

Recommendations/Investigative actions

Can be disabled will trigger many False Positives