This query looks for outbound SSH/SCP connections identified by the expected port number (22) or by the SonicWall Deep Packet Inspection services. This query leverages the SonicWall Firewall ASIM Network Session parser.

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | SonicWall Firewall |
| ID | dedb8fb9-3caa-4b00-ae88-1898eed78917 |
| Tactics | Exfiltration |
| Techniques | T1020, T1048 |
| Required Connectors | SonicWallFirewall, CefAma |
| Source | View on GitHub |