Bitdefender excessive access to blocked port or application detected

This rule is part of a beta feature. To learn more, contact Support.

Goal

This rule detects when more than 10 blocked ports or applications have been accessed.

Strategy

This rule monitors firewall logs to identify excessive access to blocked ports or applications.
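As an added example, not code from Datadog's or Bitdefender's rule implementation, the following Python shows the counting logic this rule describes, run over constructed firewall events: it keeps only `action=blocked` events, groups them by `computer_ip`, and flags a host when more than 10 such events fall inside one time window. The key=value log layout, the field names, and the 5-minute window are assumptions made here; the page does not state the real rule's window or field names. The second helper supports triage step 1 by listing which blocked ports and applications a given computer IP touched.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall events. The key=value layout and field names are
# assumptions made for this example, not Bitdefender's actual export format.
# Host 10.0.0.5 hits 12 different blocked ports within one minute (plus one
# allowed connection that must not be counted); host 10.0.0.7 hits only 3.
SAMPLE_LOGS = [
    f"2024-05-01T10:00:{s:02d}Z computer_ip=10.0.0.5 action=blocked port={p} app=unknown.exe"
    for s, p in zip(range(0, 60, 5),
                    [135, 139, 445, 1433, 3389, 5985, 22, 23, 25, 110, 143, 993])
] + [
    "2024-05-01T10:00:07Z computer_ip=10.0.0.5 action=allowed port=443 app=chrome.exe",
    "2024-05-01T10:01:00Z computer_ip=10.0.0.7 action=blocked port=445 app=explorer.exe",
    "2024-05-01T10:02:00Z computer_ip=10.0.0.7 action=blocked port=139 app=explorer.exe",
    "2024-05-01T10:02:30Z computer_ip=10.0.0.7 action=blocked port=135 app=explorer.exe",
]


def parse_event(line):
    """Split one 'timestamp k=v k=v ...' line into a dict with a datetime 'time'."""
    ts, *fields = line.split()
    event = {k: v for k, v in (f.split("=", 1) for f in fields)}
    event["time"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect_excessive_blocked_access(lines, threshold=10, window=timedelta(minutes=5)):
    """Return {computer_ip: peak_count} for hosts whose blocked-access events
    inside any sliding window of length `window` exceed `threshold`.
    The rule on this page fires at more than 10, so the comparison is strict."""
    blocked = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev.get("action") == "blocked" and "computer_ip" in ev:
            blocked[ev["computer_ip"]].append(ev["time"])

    alerts = {}
    for ip, times in blocked.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            # Slide the window start forward until all events fit inside it.
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count > threshold:
                alerts[ip] = max(alerts.get(ip, 0), count)
    return alerts


def blocked_targets(lines, computer_ip):
    """Triage helper: sorted, de-duplicated (port, app) pairs a host was blocked on."""
    targets = set()
    for line in lines:
        ev = parse_event(line)
        if ev.get("action") == "blocked" and ev.get("computer_ip") == computer_ip:
            targets.add((ev.get("port", "?"), ev.get("app", "?")))
    return sorted(targets)


if __name__ == "__main__":
    for ip, count in detect_excessive_blocked_access(SAMPLE_LOGS).items():
        print(f"ALERT computer_ip={ip} blocked_accesses={count}")
        for port, app in blocked_targets(SAMPLE_LOGS, ip):
            print(f"  port={port} app={app}")
```

Running it flags only 10.0.0.5, and the per-host listing is the starting point for step 1 of the triage below; tightening the window (for example to 30 seconds) makes the same data fall under the threshold, which is the trade-off to weigh when tuning such a rule against noisy hosts.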

Triage and Response

  1. Analyze the firewall logs for Computer IP: {{@params.events.computer_ip}} associated with the spike in accessing blocked ports or applications.
  2. Temporarily isolate the device from the network to prevent further access attempts while investigations are ongoing.
  3. Conduct a security assessment of the endpoint to identify potential network misconfigurations or software errors that could expose vulnerabilities.
  4. Check for signs of malware or compromised applications that may be attempting unauthorized access.
  5. Implement necessary patches or configuration changes to address identified vulnerabilities.