Netskope - Suspicious Network Context (Unusual IPs/Geo/Ports)


Detects suspicious network activity based on unusual source/destination IPs, geographic anomalies, uncommon ports, and high traffic volumes.

| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | NetskopeWebTx |
| ID | 6d989fb0-933e-4ae6-88fa-10e7b51c8897 |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | CommandAndControl, Exfiltration, Discovery |
| Techniques | T1071, T1048, T1046 |
| Required Connectors | NetskopeWebTxConnector |
| Source | View on GitHub |

Tables Used

This content item queries data from the following tables:

Table Transformations Ingestion API Lake-Only
NetskopeWebTransactions_CL ? ?
