Unknown Process Using The Kerberos Protocol
Use Alternate Authentication Material
Network_Traffic
Unusual Volume of Data Download from Internal Server Per Entity
Data from Information Repositories, Data from Network Shared Drive
Log4Shell JNDI Payload Injection with Outbound Connection
Exploit Public-Facing Application
Detect Outbound LDAP Traffic
Exploit Public-Facing Application , Command and Scripting Interpreter
Plain HTTP POST Exfiltrated Data
Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol , Exfiltration Over Alternative Protocol
Multiple Archive Files Http Post Traffic
Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol , Exfiltration Over Alternative Protocol
Detect Software Download To Network Device
TFTP Boot , Pre-OS Boot
TOR Traffic
Application Layer Protocol , Web Protocols
SMB Traffic Spike - MLTK
SMB/Windows Admin Shares , Remote Services
SMB Traffic Spike
SMB/Windows Admin Shares , Remote Services
Remote Desktop Network Bruteforce
Remote Desktop Protocol , Remote Services
Protocol or Port Mismatch
Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol , Exfiltration Over Alternative Protocol
Prohibited Network Traffic Allowed
Exfiltration Over Alternative Protocol
Hosts receiving high volume of network traffic from email server
Remote Email Collection , Email Collection
Email servers sending high volume traffic to hosts
Email Collection , Remote Email Collection
Detect Outbound SMB Traffic
File Transfer Protocols , Application Layer Protocol
Remote Desktop Network Traffic
Remote Desktop Protocol , Remote Services
Detect Large Outbound ICMP Packets
Non-Application Layer Protocol