This rule is triggered when CYFIRMA identifies open and publicly accessible ports on internet-facing assets. Exposed services may include SSH, RDP, HTTP, or other potentially sensitive ports, increasing the risk of unauthorized access, exploitation, or reconnaissance by threat actors. Monitoring open ports is critical to reducing the external attack surface and preventing misuse through brute force, service vulnerabilities, or protocol exploitation.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Cyfirma Attack Surface |
| ID | 87e7eb3f-bb8e-46e5-8807-d3fc63d0f676 |
| Severity | High |
| Status | Available |
| Kind | Scheduled |
| Tactics | InitialAccess, CommandAndControl, Discovery, DefenseEvasion, Persistence |
| Techniques | T1566, T1071, T1505 |
| Required Connectors | CyfirmaAttackSurfaceAlertsConnector |
| Source | View on GitHub |

This content item queries data from the following tables:

| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| CyfirmaASOpenPortsAlerts_CL | ? | ✓ | ? |