alltcpflags

Explanation

The alltcpflags security event triggers when the Netography Fusion Portal captures a network packet with all the TCP flags set. This can indicate a malicious attempt to evade detection signatures. This NDM alerts only when the sample rate is 1.

What to Look For

When reviewing alltcpflags events, look for packets with all TCP flags set. These may indicate malicious activity, such as a network scan or an attempt to evade detection. Analyze the event on both the network and the endpoint to identify the root cause and take appropriate action to prevent further activity. Investigate the source of the traffic and the ports being used to understand the full scope of the event.
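
The check and the triage described above, as an added example that is not Netography's code: it flags records with every TCP flag bit set, applies the sample-rate-of-1 condition, and groups hits by source so the targets and ports are visible. The record field names, the sample records, and the choice of the six classic flag bits (FIN, SYN, RST, PSH, ACK, URG) as "all flags" are assumptions.

```python
from collections import defaultdict

# Assumption: "all flags" means the six classic TCP control bits; the page
# does not state the exact mask the detection model uses.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL_FLAGS = sum(FLAG_BITS.values())  # 0x3F

# Constructed sample records; field names are hypothetical, not the portal's schema.
SAMPLE_RECORDS = [
    {"src": "198.51.100.7", "dst": "10.0.0.5", "dstport": 22,  "tcpflags": 0x3F, "samplerate": 1},
    {"src": "198.51.100.7", "dst": "10.0.0.5", "dstport": 443, "tcpflags": 0xFF, "samplerate": 1},
    {"src": "198.51.100.7", "dst": "10.0.0.9", "dstport": 22,  "tcpflags": 0x3F, "samplerate": 1},
    # Ordinary traffic: FIN+SYN+PSH+ACK, no RST or URG
    {"src": "10.0.0.8",     "dst": "10.0.0.5", "dstport": 443, "tcpflags": 0x1B, "samplerate": 1},
    # All flags set, but sampled at 1:100, so the model would not alert
    {"src": "203.0.113.4",  "dst": "10.0.0.5", "dstport": 80,  "tcpflags": 0x3F, "samplerate": 100},
    # FIN+PSH+URG only: unusual, but not "all flags"
    {"src": "192.0.2.33",   "dst": "10.0.0.5", "dstport": 80,  "tcpflags": 0x29, "samplerate": 1},
]

def all_flags_set(tcpflags: int) -> bool:
    """True when every bit in ALL_FLAGS is set (extra high bits are ignored)."""
    return (tcpflags & ALL_FLAGS) == ALL_FLAGS

def triage(records):
    """Return (hits grouped by source, count of matches skipped for sampling)."""
    by_src = defaultdict(lambda: {"dsts": set(), "ports": set(), "count": 0})
    skipped_sampled = 0
    for rec in records:
        if not all_flags_set(rec["tcpflags"]):
            continue
        if rec["samplerate"] != 1:
            # Matches the flag condition but fails the sample-rate condition.
            skipped_sampled += 1
            continue
        entry = by_src[rec["src"]]
        entry["dsts"].add(rec["dst"])
        entry["ports"].add(rec["dstport"])
        entry["count"] += 1
    return dict(by_src), skipped_sampled

if __name__ == "__main__":
    hits, skipped = triage(SAMPLE_RECORDS)
    for src, info in hits.items():
        print(f"{src}: {info['count']} packets, "
              f"targets={sorted(info['dsts'])}, ports={sorted(info['ports'])}")
    print(f"matches not alerted because sample rate != 1: {skipped}")
```

The skipped count shows how much matching traffic falls outside the model's view when a source is not exported at a sample rate of 1.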