Compromised Web Server
This is a threat rule that looks for potential webshell or external traffic followed up by data movement or unusual data access. Please see the associated anomalies to see what malicious data movement the threat rule is looking for.
This content is not mapped to any local saved search. Add mapping