Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This rule identifies beaconing patterns from Network traffic logs based on recurrent frequency patterns. Such potential outbound beaconing patterns to untrusted public networks should be investigated for any malware callbacks or data exfiltration attempts as discussed in this Blog. This analytic rule uses ASIM and supports any built-in or custom
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Network Session Essentials |
| ID | fcb9d75c-c3c1-4910-8697-f136bfef2363 |
| Severity | Low |
| Status | Available |
| Kind | Scheduled |
| Tactics | CommandAndControl |
| Techniques | T1071, T1571 |
| Required Connectors | AWSS3, MicrosoftThreatProtection, SecurityEvents, WindowsSecurityEvents, WindowsForwardedEvents, Zscaler, MicrosoftSysmonForLinux, PaloAltoNetworks, AzureMonitor(VMInsights), AzureFirewall, AzureNSG, CiscoASA, CiscoAsaAma, Corelight, AIVectraStream, CheckPoint, Fortinet, CiscoMeraki |
| Source | View on GitHub |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
↑ Back to Analytic Rules · Back to Network Session Essentials