Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Every standard app has a port associated with it. This query will identify if destination port associated with destination app is not standard which can be a case of network spoofing attack.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Network Session Essentials |
| ID | a61e9fc1-dd9e-4588-a497-2a34a1d811bf |
| Tactics | Discovery |
| Required Connectors | AWSS3, MicrosoftThreatProtection, SecurityEvents, WindowsSecurityEvents, WindowsForwardedEvents, Zscaler, MicrosoftSysmonForLinux, PaloAltoNetworks, AzureMonitor(VMInsights), AzureFirewall, AzureNSG, CiscoASA, CiscoAsaAma, Corelight, AIVectraStream, CheckPoint, Fortinet, CiscoMeraki |
| Source | View on GitHub |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
↑ Back to Hunting Queries · Back to Network Session Essentials