Detection Models by Category

Detection Models by Category

Attack

external_tcp_4444

internal_tcp_4444

interactive_login_bad_rep

interactive_login_itar

long_inbound_https_bad_rep

outbound_tcp_4444

tor_connection_external_internal

Brute Force

dcerpc_brute_external_internal

dcerpc_brute_internal_external

dcerpc_brute_internal_internal

imap_brute_external_internal

imap_brute_internal_external

imap_brute_internal_internal

kerberos_brute_internal_internal

kerberos_user_enumeration

mongodb_brute_external_internal

mongodb_brute_internal_external

mongodb_brute_internal_internal

mysql_brute_external_internal

mysql_brute_internal_external

mysql_brute_internal_internal

pop3_brute_external_internal

pop3_brute_internal_external

pop3_brute_internal_internal

postgres_brute_external_internal

postgres_brute_internal_external

postgres_brute_internal_internal

rdpbrute_external_internal

rdpbrute_internal_external

rdpbrute_internal_internal

redis_brute_external_internal

redis_brute_internal_external

redis_brute_internal_internal

smb_brute_external_internal

smb_brute_internal_external

smb_brute_internal_internal

sshbrute_external_internal

sshbrute_internal_external

sshbrute_internal_internal

winrmbrute_external_internal

winrmbrute_internal_external

winrmbrute_internal_internal

Denial of Service

dns_amplification_participation

memcachereflection

mssqlreflection

srcdsreflection

sunrpcreflection

tp240_phone_home_reflect_ddos

Informational

communication_to_itar_countries

ip_options_abuse

tcp_dnstunneling

unusual_protocol

Misconfiguration

cups_browsed_external_internal

cups_browsed_internal_external

external_access_of_smb

external_kerberos_access

external_ldap_access

external_printing_connections

external_snmp_sweep

fortinet_management_external_internal

fortinet_management_internal_internal

internal_socks5_proxy

outbound_database_exfil

outbound_ftp_traffic

outbound_imap_traffic

outbound_ldap_traffic

outbound_pop3_traffic

outbound_printing

outbound_rejected_traffic

outbound_smb_spike

outbound_smb_traffic

outbound_snmp_sweep

outbound_telnet_traffic

rdp_external_internal

registered_ports_ext_int

ssh_external_internal

Operational Governance

bitcoin_node_internal_external

bittorrent_tracker_internal_external

bittorrent_transfer_external_internal

bittorrent_transfer_internal_external

bittorrent_user

connectwise_usage

external_socks5_proxy

external_tcp_44818

external_udp_2222

file-sharing_apple-icloud

file-sharing_dropbox_detection

file-sharing_idrive_detection

file-sharing_mega-service

file-sharing_microsoft-onedrive

file-sharing_wetransfer

gotoresolve_usage

internal_tor_relay

messaging_apple-push

messaging_discord

messaging_disqus

messaging_facebook-messenger

messaging_google-chat

messaging_infobip

messaging_jpush

messaging_kakaotalk

messaging_messagebird

messaging_meta-messaging

messaging_pushover

messaging_rocket-chat

messaging_samsung-push

messaging_signal

messaging_sinch

messaging_snapchat

messaging_stream-io

messaging_telegram

messaging_threema

messaging_wechat

messaging_whatsapp

outbound_6in4tunnel

outbound_ethoverip

outbound_teredo

outbound_teredo_spike

social_discourse_detection

social_instagram_detection

social_linkedin_detection

social_meta_detection

social_okcupid_detection

social_reddit_detection

social_tiktok_detection

social_tinder_detection

social_twitter_detection

teamviewer_usage

tor_connection_internal_external

unusual_open_tcp_ports

vpn_usage_internal_external

Post Compromise

coinminer_detection

communication_to_bad_rep

external_http_beacon

external_https_beacon

external_nonhttp_beacon

external_tcp_12345

ip_lookup_attempt

kerberosting_internal_internal

long_dns_connection

rdp_internal_external

sinkhole_detection

suspected_port_abuse_internal

torrent_usage_detection

uncommon_icmp_reject

Recon

censys_scanning

esxi_internal_slp_scan

http_scan_internal_external

http_scan_internal_internal

internal_snmp_sweep

kerberos_scan_external_internal

kerberos_scan_internal_external

kerberos_scan_internal_internal

ldap_scanning_inside_to_outside

ldap_scanning_internal

ldap_scanning_outside_to_inside

mesvcdesk_scan_external_internal

mesvcdesk_scan_internal_external

mesvcdesk_scan_internal_internal

msmq_tcp_scan_external_internal

msmq_tcp_scan_internal_external

msmq_tcp_scan_internal_internal

msmq_udp_scan_external_internal

msmq_udp_scan_internal_external

msmq_udp_scan_internal_internal

nmapfingerprint

ping_scan_ext-int

ping_scan_int-ext

ping_scan_int-int

port_1433_scanning_internal

port_1433_scanning_outbound

port_445_scanning_internal

port_445_scanning_outbound

port_62078_scanning_outbound

port_8443_scanning_internal

port_8443_scanning_outbound

qualys_scanning

rdp_scanning_inside_to_outside

rdp_scanning_internal

rdp_scanning_outside_to_inside

redis_scan_external_internal

redis_scan_internal_external

redis_scan_internal_internal

rockwellics_tcp_scan_external_internal

rockwellics_tcp_scan_internal_external

rockwellics_tcp_scan_internal_internal

rockwellics_udp_scan_external_internal

rockwellics_udp_scan_internal_external

rockwellics_udp_scan_internal_internal

scanner_rwth_aachen_univ

shadowserver_scanning

shodan_scanners

smartinst_scan_external_internal

smartinst_scan_internal_external

smartinst_scan_internal_internal

ssh_scan_internal_external

ssh_scan_internal_internal

synscan_external_internal

synscan_internal_external

synscan_internal_internal

teamviewer_inside_to_outside

teamviewer_out_to_inside

teamviewer_scanning_internal

veeam_scan_external_internal

veeam_scan_internal_external

veeam_scan_internal_internal

vnc_scanning_inside_to_outside

vnc_scanning_internal

vnc_scanning_outside_to_inside

weblogic_scan_external_internal

weblogic_scan_internal_external

weblogic_scan_internal_internal

System

Updated about 2 months ago