Substantial Increase In Port Activity

Description

Alerts when a statistically significant increase in events on a given port is observed.

Use Case

Insider Threat, Advanced Threat Detection

Category

Data Exfiltration


SPL Difficulty

Advanced

Journey

Stage 2

MITRE ATT&CK Tactics

Command and Control

MITRE ATT&CK Techniques

Uncommonly Used Port

MITRE Threat Groups

APT3
APT32
APT33
Gorgon Group
Group5
Lazarus Group
Magic Hound
TEMP.Veles

Data Sources

Network Communication