Bitdefender network attack detected by network attack defense module

This rule is part of a beta feature. To learn more, contact Support.

Goal

This rule detects network attacks identified by the Bitdefender network attack defense module.

Strategy

This rule monitors detections generated by the network attack defense module to identify potential network attacks.

Triage and Response

  1. Analyze the logs that contain {{@network.client.ip}} to identify the network attack technique in use.
  2. Investigate the nature of the detected network attack {{@params.events.detection_attackTechnique}} to determine whether it is a known attack type.
  3. Isolate the affected device(s) {{@network.destination.ip}} if necessary to prevent further propagation or impact.
  4. Notify the relevant teams about the attack details and the actions taken.
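The triage steps above can be scripted against the rule's own attributes. The following is an added example, not Bitdefender or Datadog code: it resolves the three attribute paths the rule references from constructed sample events, groups detections by source IP and technique, and lists the destination hosts to consider isolating. The `min_detections` threshold and all IP/technique values are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample events shaped after the attribute paths the rule uses:
# @network.client.ip, @network.destination.ip, @params.events.detection_attackTechnique.
# All values are made up; the last event is deliberately malformed.
SAMPLE_EVENTS = [
    {"network": {"client": {"ip": "203.0.113.10"}, "destination": {"ip": "10.0.0.5"}},
     "params": {"events": {"detection_attackTechnique": "Port Scan"}}},
    {"network": {"client": {"ip": "203.0.113.10"}, "destination": {"ip": "10.0.0.6"}},
     "params": {"events": {"detection_attackTechnique": "Port Scan"}}},
    {"network": {"client": {"ip": "203.0.113.10"}, "destination": {"ip": "10.0.0.6"}},
     "params": {"events": {"detection_attackTechnique": "Brute Force"}}},
    {"network": {"client": {"ip": "198.51.100.7"}, "destination": {"ip": "10.0.0.9"}},
     "params": {"events": {"detection_attackTechnique": "Exploit Attempt"}}},
    {"params": {"events": {"detection_attackTechnique": "Port Scan"}}},
]


def get_path(event, path):
    """Resolve a dotted Datadog attribute path (leading '@' dropped); None if absent."""
    cur = event
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def triage(events):
    """Step 1-2: group detections per source IP with techniques and destinations hit."""
    summary = defaultdict(lambda: {"count": 0, "techniques": set(), "destinations": set()})
    for ev in events:
        src = get_path(ev, "network.client.ip")
        if src is None:
            continue  # no source IP: cannot attribute, skip rather than crash
        entry = summary[src]
        entry["count"] += 1
        technique = get_path(ev, "params.events.detection_attackTechnique")
        if technique:
            entry["techniques"].add(technique)
        dst = get_path(ev, "network.destination.ip")
        if dst:
            entry["destinations"].add(dst)
    return dict(summary)


def hosts_to_isolate(summary, min_detections=2):
    """Step 3: destinations targeted by any source with >= min_detections (assumed threshold)."""
    hosts = set()
    for entry in summary.values():
        if entry["count"] >= min_detections:
            hosts |= entry["destinations"]
    return sorted(hosts)
```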