Compromised Web Server

Description

This threat rule looks for potential webshell or external traffic that is followed by data movement or unusual data access. See the associated anomalies for the specific malicious data movement the rule looks for.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Application Security

Category

Endpoint Compromise, Malware

Alert Volume

Low

Journey

Stage 4

Data Sources

DLP
Web Server
Endpoint Detection and Response
Email
Network Communication
Web Proxy