Skip to main content

Network Monitoring

In this article

The ESA Threat Detection rules for monitoring network activity are vast limits vendor rules.

Network Rules

The rules in this section detect suspicious behavior related to network operations.

  • Suspicious network target names
  • PowerShell outbound network connections
  • Suspicious outbound Kerberos connections
  • PowerShell remoting
  • Detect network connects from suspicious sources
  • Detect network connects from Windows processes
  • Detect network connects from third-party tools
  • RDP connects from non-RDP software, indicating lateral movement
  • Detect network connects to suspicious ports
  • Detect network connects to 80 and 443 from non-browser applications


Your email address will not be published. Required fields are marked *