The March 2026 Network Detection Newsletter includes detection highlights across our Network product portfolio. In the past month, almost 800 network rules have been created across Trellix Network Security (NX), Network Detection and Response Sensor (NDRS), and Intrusion Prevention System (IPS) to identify malicious or suspicious network traffic spanning C2 communication, lateral movement, and vulnerability exploits.
The March NDR detections focused on various areas, including:
- Additional focus on MuddyWater, an Iranian-linked APT group responsible for various recent cyberattacks on public and private infrastructure
- Expansion of lateral movement coverage for BloodHound and SharpHound
- Updated coverage for various malware families, such as Remcos, Formbook, and various dropped files
For IPS, almost 200 rules were written to detect various network-based exploits across multiple software platforms, including:
- SolarWinds Web Help Desk (CVE-2025-40551, CVE-2025-40554, CVE-2025-40536)
- Olalampo-Muddywater Malicious File Download Detected
- Ivanti Endpoint Manager (CVE-2026-1281)
- Telnetd (CVE-2026-32746)
- Langflow (CVE-2026-27966)
For more details about the detections, see the Knowledge article Trellix Network Detection Newsletter - March 2026.
Note: To receive information about product updates, sign up for the Support Notification Service.
For instructions, see the Thrive Portal User Guide and navigate to Profile and Settings > My Settings > Manage Support Notification Services (SNS) subscription preferences.