Netography Detection Release Notes - 2023-05-01

Netography released its Detection Model update on May 1, 2023. The update includes powerful and continuously refined threat and network configuration detection models, such as external_kerberos_access, knownbotnet, knownddos, knownmobilethreat, knownspamsrc, knownphisher, knownproxy, knowntorproxy, and knownwebattack. These models are included at no additional cost and are fully open for analysts to work with, without the need to push updates or download new packages. The Netography Threat Research Team is constantly improving its detection capabilities and seamlessly integrating them into the Netography Fusion platform, helping customers detect threats more easily and effectively.

Netography Detection Model Updates

Threat Detection

external_kerberos_access - This NDM was adjusted to improve efficacy.

knownbotnet - This NDM was adjusted to improve efficacy.

knownddos - This NDM was adjusted to improve efficacy.

knownmobilethreat - This NDM was adjusted to improve efficacy.

knownspamsrc - This NDM was adjusted to improve efficacy.

knownphisher - This NDM was adjusted to improve efficacy.

knownproxy - This NDM was adjusted to improve efficacy.

knowntorproxy - This NDM was adjusted to improve efficacy.

knownwebattack - This NDM was adjusted to improve efficacy.

Post-Compromise Detection

outbound_tor_connection - This NDM was adjusted to use Netography Threat Research generated intelligence.

inbound_established_non_http - This NDM looks for established connections between two hosts on high ports. This NDM is disabled by default; its results need to be reviewed for efficacy and tuned using the "Discard" function in the customer's NDM environment.

The Netography Threat Research Team constantly updates and improves our detection capabilities, seamlessly integrating them into the Netography Fusion® platform, so our customers can write once, then detect everywhere.