Skip to main content

vast limits GmbH and uberAgent are now part of Citrix, a business unit of Cloud Software Group. Learn more at Citrix.com.

Documentation

Version

  1. uberAgent
  2. 7.1.2
  3. ESA Features & Configuration
  4. Threat Detection Engine
  5. Network Monitoring
Previous document Next document

Network Monitoring

In this article

The ESA Threat Detection rules for monitoring network activity are vast limits vendor rules.

Network Rules

The rules in this section detect suspicious behavior related to network operations.

  • Suspicious network target names
  • PowerShell outbound network connections
  • Suspicious outbound Kerberos connections
  • PowerShell remoting
  • Detect network connects from suspicious sources
  • Detect network connects from Windows processes
  • Detect network connects from third-party tools
  • RDP connects from non-RDP software, indicating lateral movement
  • Detect network connects to suspicious ports
  • Detect network connects to 80 and 443 from non-browser applications

Comments

Your email address will not be published. Required fields are marked *