Outbound Network Connection from Java Using Default Ports
Exploit Public-Facing Application
Network_Traffic
Unknown Process Using The Kerberos Protocol
Use Alternate Authentication Material
Unusual Volume of Data Download from Internal Server Per Entity
Data from Information Repositories, Data from Network Shared Drive
Log4Shell JNDI Payload Injection with Outbound Connection
Exploit Public-Facing Application
Detect Outbound LDAP Traffic
Exploit Public-Facing Application, Command and Scripting Interpreter
Plain HTTP POST Exfiltrated Data
Exfiltration Over Unencrypted Non-C2 Protocol, Exfiltration Over Alternative Protocol
Multiple Archive Files Http Post Traffic
Exfiltration Over Unencrypted Non-C2 Protocol, Exfiltration Over Alternative Protocol
Detect Software Download To Network Device
TFTP Boot, Pre-OS Boot
TOR Traffic
Application Layer Protocol, Web Protocols
SMB Traffic Spike - MLTK
SMB/Windows Admin Shares, Remote Services
SMB Traffic Spike
SMB/Windows Admin Shares, Remote Services
Prohibited Network Traffic Allowed
Exfiltration Over Alternative Protocol
Remote Desktop Network Bruteforce
Remote Desktop Protocol, Remote Services
Email servers sending high volume traffic to hosts
Email Collection, Remote Email Collection
Hosts receiving high volume of network traffic from email server
Remote Email Collection, Email Collection
Protocol or Port Mismatch
Exfiltration Over Unencrypted Non-C2 Protocol, Exfiltration Over Alternative Protocol
Detect Outbound SMB Traffic
File Transfer Protocols, Application Layer Protocol
Remote Desktop Network Traffic
Remote Desktop Protocol, Remote Services
Detect Large Outbound ICMP Packets
Non-Application Layer Protocol