Suspicious Domain Communication

Description

Triggered when a user visits a malicious or suspicious site. The classification is determined by next-generation firewall (NGFW) categories.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection, Security Monitoring, Insider Threat

Category

Command and Control, Endpoint Compromise, Data Exfiltration

Alert Volume

Medium

SPL Difficulty

None

Journey

Stage 6

MITRE ATT&CK Tactics

Command and Control

MITRE ATT&CK Techniques

Custom Command and Control Protocol
Application Layer Protocol
Non-Application Layer Protocol

MITRE Threat Groups

APT29
APT3
APT32
APT37
Dragonfly 2.0
FIN6
Magic Hound
OilRig
PLATINUM
Rocke

Data Sources

Web Proxy