Prohibited Port Activity Detected

Description

Detects the use of ports that are prohibited. Useful for detecting the installation of new software or a successful compromise of a host (such as the presence of a backdoor or a system communicating with a botnet).


Use Case

Advanced Threat Detection, Compliance

Category

Lateral Movement, Endpoint Compromise, GDPR

SPL Difficulty

Medium

Journey

Stage 4

MITRE ATT&CK Tactics

Command and Control

MITRE ATT&CK Techniques

Uncommonly Used Port

MITRE Threat Groups

APT3
APT32
APT33
Gorgon Group
Group5
Lazarus Group
Magic Hound
TEMP.Veles

Data Sources

Network Communication

GDPR Relevance

While not explicitly required for GDPR, this capability is often seen as a part of maintaining State of the Art Security and supports GDPR requirements.