Host With High Number Of Listening ports

Description

Alerts when a host has a high number of listening services. This may indicate that the device is running unnecessary services (such as a default installation of a server) or is not running a firewall.


Use Case

Advanced Threat Detection, Security Monitoring

Category

Endpoint Compromise, Unauthorized Software, Lateral Movement

SPL Difficulty

Advanced

Journey

Stage 3

Data Sources

Endpoint Detection and Response