This documentation does not apply to the most recent version of uberAgent.
The ESA Activity Monitoring rules for monitoring network activity are vendor rules provided by vast limits.
The rules in this section detect suspicious behavior related to network operations.
- Suspicious network target names
- PowerShell outbound network connections
- Suspicious outbound Kerberos connections
- PowerShell remoting
- Detect network connects from suspicious sources
- Detect network connects from Windows processes
- Detect network connects from third-party tools
- RDP connects from non-RDP software, indicating lateral movement
- Detect network connects to suspicious ports
- Detect network connects to 80 and 443 from non-browser applications