Navigation :
Multiple Outgoing Connections
Description
Triggered when the number of outgoing connections is greater than the user's historical baseline or the enterprise average.
Content Mapping
This content is not mapped to any local saved search. Add mapping
Use Case
Advanced Threat Detection, Security Monitoring, Insider Threat
Category
Lateral Movement, Account Compromise, Data Exfiltration
Alert Volume
Triggered when the number of outgoing connections is greater than the user's historical baseline or the enterprise average.
SPL Difficulty
None
Journey
Stage 4
MITRE ATT&CK Tactics
Exfiltration
Command and Control
MITRE ATT&CK Techniques
Exfiltration Over C2 Channel
Exfiltration Over Alternative Protocol
Custom Command and Control Protocol
Non-Application Layer Protocol
Standard Cryptographic Protocol
Multi-Stage Channels
MITRE Threat Groups
APT29
APT3
APT32
APT37
APT41
FIN6
Frankenstein
Gamaredon Group
Ke3chang
Kimsuky
Lazarus Group
Machete
MuddyWater
OilRig
PLATINUM
Sandworm Team
Soft Cell
Stealth Falcon
Taidoor
Wizard Spider
Data Sources
Network Communication