Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Identifies abnormal ports used by machines to connect to a destination IP based on learning period activity. This can indicate exfiltration attack or C2 control from machines in the organization by using new a port that has never been used.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Azure Firewall |
| ID | 3d93fa57-53e5-4d5e-96d4-ad734a8df3a4 |
| Tactics | Exfiltration, CommandAndControl |
| Required Connectors | AzureFirewall |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
AZFWApplicationRule |
✓ | ✗ | ? |
AZFWNetworkRule |
✓ | ✗ | ? |
AzureDiagnostics 🔶 |
? | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊