Multiple Outgoing Connections

Description

Triggered when a user's count of outgoing network connections exceeds either that user's own historical baseline or the enterprise-wide average.

Use Case

Advanced Threat Detection, Security Monitoring, Insider Threat

Category

Lateral Movement, Account Compromise, Data Exfiltration

SPL Difficulty

None

Journey

Stage 4

MITRE ATT&CK Tactics

Exfiltration
Command and Control

MITRE ATT&CK Techniques

Exfiltration Over C2 Channel
Exfiltration Over Alternative Protocol
Custom Command and Control Protocol
Non-Application Layer Protocol
Standard Cryptographic Protocol
Multi-Stage Channels

MITRE Threat Groups

APT29
APT3
APT32
APT37
APT41
FIN6
Frankenstein
Gamaredon Group
Ke3chang
Kimsuky
Lazarus Group
Machete
MuddyWater
OilRig
PLATINUM
Sandworm Team
Soft Cell
Stealth Falcon
Taidoor
Wizard Spider

Data Sources

Network Communication