Ubiquiti - Connection to known malicious IP or C2

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Detects allowed connections to IP addresses which are in TI list and are known to be malicious.

Attribute	Value
Type	Analytic Rule
Solution	Ubiquiti UniFi
ID	db60ca0b-b668-439b-b889-b63b57ef20fb
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	Exfiltration, CommandAndControl
Techniques	T1071, T1571, T1572
Required Connectors	CustomLogsAma
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
ThreatIntelligenceIndicator	✓	✓	?
Ubiquiti_CL	?	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Ubiquiti UniFi