Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This rule identifies allowed inbound SSH, Telnet, and RDP connections. This analytic rule leverages the SonicWall Firewall ASIM Network Session parser (ASimNetworkSessionSonicWallFirewall).
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | SonicWall Firewall |
| ID | 27f1a570-5f20-496b-88f6-a9aa2c5c9534 |
| Severity | Medium |
| Status | Experimental |
| Kind | Scheduled |
| Tactics | InitialAccess, Execution, Persistence, CredentialAccess, Discovery, LateralMovement, Collection, Exfiltration, Impact |
| Techniques | T1190, T1133, T1059, T1133, T1110, T1003, T1087, T1018, T1021, T1005, T1048, T1041, T1011, T1567, T1490 |
| Required Connectors | CEF, SonicWallFirewall, CefAma |
| Source | View on GitHub |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊