Bitdefender network attack detected by network attack defense module

This rule is part of a beta feature. To learn more, contact Support.

Goal

This rule detects network attacks identified by the network attack defense module.

Strategy

This rule monitors detections generated by the network attack defense module to identify potential network attacks.

Triage and Response

  1. Analyze the logs that contain {{@network.client.ip}} to identify the potential network attack technique.
  2. Investigate the nature of the detected network attack {{@params.events.detection_attackTechnique}} to determine if it is a known attack type.
  3. Isolate the affected device(s) {{@network.destination.ip}} if necessary to prevent further propagation or impact.
  4. Notify the relevant teams about the attack details and the actions taken.
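As an added example (not part of this rule or of Bitdefender's own tooling), the following Python helper walks exported detection events, groups them by the source address from step 1, and lists the techniques and destination hosts that steps 2 and 3 refer to. The JSON layout and technique names are constructed for illustration; the attribute paths are assumed to correspond to the rule's `@network.client.ip`, `@params.events.detection_attackTechnique` and `@network.destination.ip` placeholders.

```python
import json
from collections import defaultdict

# Constructed sample events (not real Bitdefender output). Documentation-range
# addresses are used; the nested keys follow the rule's attribute placeholders.
SAMPLE_LOGS = [
    json.dumps({"network": {"client": {"ip": "203.0.113.10"}, "destination": {"ip": "10.0.0.5"}},
                "params": {"events": {"detection_attackTechnique": "Port Scan"}}}),
    json.dumps({"network": {"client": {"ip": "203.0.113.10"}, "destination": {"ip": "10.0.0.7"}},
                "params": {"events": {"detection_attackTechnique": "Brute Force"}}}),
    json.dumps({"network": {"client": {"ip": "198.51.100.4"}, "destination": {"ip": "10.0.0.5"}},
                "params": {"events": {"detection_attackTechnique": "Port Scan"}}}),
    "this line is not JSON",                                   # malformed export line
    json.dumps({"network": {"destination": {"ip": "10.0.0.9"}}}),  # no client IP: cannot attribute
]


def get_path(event, path):
    """Resolve a dotted attribute path such as 'network.client.ip'; None if any part is missing."""
    cur = event
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def summarize_by_source(raw_lines):
    """Group detections by source address: event count, techniques seen, hosts targeted."""
    summary = defaultdict(lambda: {"count": 0, "techniques": set(), "targets": set()})
    for line in raw_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip a malformed line rather than abort the whole triage pass
        src = get_path(event, "network.client.ip")
        if src is None:
            continue  # without a source address the event cannot be grouped for step 1
        entry = summary[src]
        entry["count"] += 1
        technique = get_path(event, "params.events.detection_attackTechnique")
        if technique:
            entry["techniques"].add(technique)
        target = get_path(event, "network.destination.ip")
        if target:
            entry["targets"].add(target)
    return dict(summary)


def affected_hosts(summary):
    """Sorted list of every destination host seen, i.e. the candidate set for step 3."""
    return sorted({t for entry in summary.values() for t in entry["targets"]})
```

Run against a real export, replace `SAMPLE_LOGS` with the lines of the exported detections and review the per-source summary alongside the raw events before deciding on isolation.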