Reconnaissance
Rule Name | id | Required data connectors |
---|---|---|
API - API Scraping | d944d564-b6fa-470d-b5ab-41b341878c5e | 42CrunchAPIProtection |
API - Invalid host access | 28500be7-cfcf-40e1-bad4-bc524e9283e2 | 42CrunchAPIProtection |
API - Kiterunner detection | 421b38ec-4295-4aed-8299-c92e268ad663 | 42CrunchAPIProtection |
Rare client observed with high reverse DNS lookup count - Anomaly based (ASIM DNS Solution) | 0fe6bde4-b215-480c-99b4-84a96edcdbd7 | ASimDnsActivityLogs, GCPDNSDataConnector, AzureFirewall, CiscoUmbrellaDataConnector, Corelight, InfobloxNIOS, NXLogDnsLogs, DNS, AIVectraStream, WindowsForwardedEvents, Zscaler, ISCBind |
Rare client observed with high reverse DNS lookup count - Static threshold based (ASIM DNS Solution) | 77b7c820-5f60-4779-8bdb-f06e21add5f1 | ASimDnsActivityLogs, GCPDNSDataConnector, AzureFirewall, CiscoUmbrellaDataConnector, Corelight, InfobloxNIOS, NXLogDnsLogs, DNS, AIVectraStream, WindowsForwardedEvents, Zscaler, ISCBind |
OCI - Multiple rejects on rare ports | 482c24b9-a700-4b2a-85d3-1c42110ba78c | OracleCloudInfrastructureLogsConnector |
OCI - SSH scanner | e087d4fb-af0b-4e08-a067-b9ba9e5f8840 | OracleCloudInfrastructureLogsConnector |
PaloAlto - Possible port scan | 3575a9c0-51c9-11ec-bf63-0242ac130002 | PaloAltoCDL |