Network Detections

| Name | Data Source | Technique | Type | Analytic Story | Date |
|---|---|---|---|---|---|
| Cloud Network Access Control List Deleted | N/A | | Anomaly | AWS Network ACL Activity | 2024-10-17 |
| Detect Spike in Network ACL Activity | | Disable or Modify Cloud Firewall | Anomaly | AWS Network ACL Activity | 2024-10-17 |
| Detect IPv6 Network Infrastructure Threats | | Hardware Additions, Network Denial of Service, Adversary-in-the-Middle, ARP Cache Poisoning | TTP | Router and Infrastructure Security | 2024-10-17 |
| Detect Large Outbound ICMP Packets | Palo Alto Network Traffic | Non-Application Layer Protocol | TTP | Command And Control | 2024-11-06 |
| Detect Remote Access Software Usage Traffic | Palo Alto Network Traffic | Remote Access Software | Anomaly | Command And Control, Insider Threat, Ransomware | 2024-09-30 |
| Detect Software Download To Network Device | | TFTP Boot, Pre-OS Boot | TTP | Router and Infrastructure Security | 2024-10-17 |
| F5 BIG-IP iControl REST Vulnerability CVE-2022-1388 | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | TTP | CISA AA24-241A, F5 BIG-IP Vulnerability CVE-2022-1388 | 2024-09-30 |
| Hosts receiving high volume of network traffic from email server | | Remote Email Collection, Email Collection | Anomaly | Collection and Staging | 2024-10-17 |
| Prohibited Network Traffic Allowed | | Exfiltration Over Alternative Protocol | TTP | Command And Control, Prohibited Traffic Allowed or Protocol Mismatch, Ransomware | 2024-09-30 |
| Remote Desktop Network Bruteforce | | Remote Desktop Protocol, Remote Services | TTP | Ryuk Ransomware, SamSam Ransomware | 2024-10-16 |
| Remote Desktop Network Traffic | | Remote Desktop Protocol, Remote Services | Anomaly | Active Directory Lateral Movement, Hidden Cobra Malware, Ryuk Ransomware, SamSam Ransomware | 2024-10-16 |
| TOR Traffic | Palo Alto Network Traffic | Proxy, Multi-hop Proxy | TTP | Command And Control, NOBELIUM Group, Prohibited Traffic Allowed or Protocol Mismatch, Ransomware | 2024-09-30 |
| Citrix ADC Exploitation CVE-2023-3519 | Palo Alto Network Threat | Exploit Public-Facing Application | Hunting | CISA AA24-241A, Citrix Netscaler ADC CVE-2023-3519 | 2024-10-17 |
| Confluence Unauthenticated Remote Code Execution CVE-2022-26134 | Palo Alto Network Threat | Server Software Component, Exploit Public-Facing Application, External Remote Services | TTP | Atlassian Confluence Server and Data Center CVE-2022-26134, Confluence Data Center and Confluence Server Vulnerabilities | 2024-09-30 |
| Detect Remote Access Software Usage URL | Palo Alto Network Threat | Remote Access Software | Anomaly | CISA AA24-241A, Command And Control, Insider Threat, Ransomware | 2024-09-30 |
| Exploit Public-Facing Fortinet FortiNAC CVE-2022-39952 | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | TTP | Fortinet FortiNAC CVE-2022-39952 | 2024-09-30 |
| Fortinet Appliance Auth bypass | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | TTP | CVE-2022-40684 Fortinet Appliance Auth bypass | 2024-09-30 |
| Juniper Networks Remote Code Execution Exploit Detection | Suricata | Exploit Public-Facing Application, Ingress Tool Transfer, Command and Scripting Interpreter | TTP | Juniper JunOS Remote Code Execution | 2024-09-30 |
| VMWare Aria Operations Exploit Attempt | Palo Alto Network Threat | External Remote Services, Exploit Public-Facing Application, Exploitation of Remote Services, Exploitation for Privilege Escalation | TTP | VMware Aria Operations vRealize CVE-2023-20887 | 2024-09-30 |
| VMware Server Side Template Injection Hunt | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | Hunting | VMware Server Side Injection and Privilege Escalation | 2024-10-17 |
| VMware Workspace ONE Freemarker Server-side Template Injection | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | Anomaly | VMware Server Side Injection and Privilege Escalation | 2024-09-30 |