Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Identifies abnormal ports used in the organization based on learning period activity. This can indicate exfiltration attack or C2 control from machines in the organization by using new a port that has never been used.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Azure Firewall |
| ID | 8812a547-13e6-4d0c-b38d-476fb7351c52 |
| Tactics | Exfiltration, CommandAndControl |
| Techniques | T1571, T1048 |
| Required Connectors | AzureFirewall |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
AZFWApplicationRule |
✓ | ✗ | ✓ |
AZFWNetworkRule |
✓ | ✗ | ✓ |
AzureDiagnostics 🔶 |
✗ | ✗ | ✗ |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊