Alerts when a host has a high number of listening services. This may indicate that the device is running services that are not necessary (such as a default installation of a server) or is not running a firewall.
Use Case
Advanced Threat Detection, Security Monitoring
Category
Endpoint Compromise, Unauthorized Software, Lateral Movement
SPL Difficulty
Advanced
Journey
Stage 3
Data Sources
Endpoint Detection and Response