High Volume of Traffic from High or Critical Host Observed
Description
Alerts when a host of high or critical severity generates a high volume of outbound traffic. This may indicate that the host has been compromised.
Use Case
Security Monitoring, Insider Threat
Category
Endpoint Compromise, Data Exfiltration, Insider Threat
SPL Difficulty
Advanced
Journey
Stage 4
MITRE ATT&CK Tactics
Exfiltration
MITRE ATT&CK Techniques
Exfiltration Over Alternative Protocol
Exfiltration Over C2 Channel
MITRE Threat Groups
APT3
APT32
Frankenstein
Gamaredon Group
Ke3chang
Kimsuky
Lazarus Group
MuddyWater
Sandworm Team
Soft Cell
Stealth Falcon
Wizard Spider
Data Sources
Web Proxy