Tor Traffic

Description

This search looks for network traffic identified as Tor (The Onion Router), a benign anonymity network which can be abused for a variety of nefarious purposes.


Use Case

Insider Threat, Security Monitoring

Category

Data Exfiltration


SPL Difficulty

None

Journey

Stage 2

MITRE ATT&CK Techniques

Application Layer Protocol

Web Protocols

MITRE Threat Groups

APT18
APT19
APT28
APT32
APT33
APT37
APT38
APT39
APT41
BRONZE BUTLER
Cobalt Group
Dark Caracal
FIN4
Gamaredon Group
Inception
Ke3chang
Lazarus Group
Machete
Magic Hound
MuddyWater
Night Dragon
OilRig
Orangeworm
Rancor
Rocke
Sandworm Team
SilverTerrier
Stealth Falcon
TA505
Threat Group-3390
Tropic Trooper
Turla
WIRTE
Wizard Spider

Kill Chain Phases

Command and Control

Data Sources

Network Communication

Tor Traffic Help

In order to properly run this search, Splunk needs to ingest data from firewalls or other network control devices that mediate the traffic allowed into an environment. This is necessary so that the search can identify the 'action' (allowed or blocked) taken on the traffic of interest. The search requires that the Network_Traffic data model be populated.
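As an added illustration, not the saved search this page links to, the following SPL shows the shape such a detection takes over the Network_Traffic data model; it assumes the firewall feed performs application identification and populates `All_Traffic.app` with the label `tor` and `All_Traffic.action` with `allowed` or `blocked` (field values are vendor-dependent and are an assumption here):

```spl
| tstats summariesonly=true count min(_time) as firstTime max(_time) as lastTime
    from datamodel=Network_Traffic
    where All_Traffic.app=tor AND All_Traffic.action=allowed
    by All_Traffic.src_ip All_Traffic.dest_ip All_Traffic.dest_port All_Traffic.action All_Traffic.app
| rename All_Traffic.* as *
| convert ctime(firstTime) ctime(lastTime)
| sort - count
```

If the data source does not identify applications, `app` is never `tor` and the search silently returns nothing, so confirm the field is populated first with `| tstats count from datamodel=Network_Traffic by All_Traffic.app`.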
