Detection Models by Category

Attack

interactive_login_bad_rep
interactive_login_itar
long_inbound_https_bad_rep
outbound_tcp_4444
tor_connection_external_internal

Brute Force

kerberos_brute_internal_internal
kerberos_user_enumeration
mongodb_brute_external_internal
mongodb_brute_internal_external
mongodb_brute_internal_internal
mysql_brute_external_internal
mysql_brute_internal_external
mysql_brute_internal_internal
postgres_brute_external_internal
postgres_brute_internal_external
postgres_brute_internal_internal
rdpbrute_external_internal
rdpbrute_internal_external
rdpbrute_internal_internal
redis_brute_external_internal
redis_brute_internal_external
redis_brute_internal_internal
smb_brute_external_internal
smb_brute_internal_external
smb_brute_internal_internal
sshbrute_external_internal
sshbrute_internal_external
sshbrute_internal_internal
winrmbrute_external_internal
winrmbrute_internal_external
winrmbrute_internal_internal

Denial of Service

ackflood
chargenreflect
cldapreflect
codreflection
dns_amplification_participation
dnsattack
dnsreflection
fin_flood
icmpflood
memcachereflection
mssqlreflection
netbiosreflect
ntpreflect
psh_flood
ripreflection
rstflood
slpreflection
snmpreflection
srcdsreflection
ssdpreflect
sunrpcreflection
synflood
tp240_phone_home_reflect_ddos
urg_flood

Informational

6in4tunnel
alltcpflags
badprotocol
communication_to_itar_countries
ethoverip
ip_options_abuse
ipmi
largeicmp
tcp_dnstunneling
tcpfrag
tcpnull
udpfrag
unusual_protocol

Misconfiguration

external_access_of_smb
external_kerberos_access
external_ldap_access
external_printing_connections
external_snmp_sweep
internal_socks5_proxy
msrdp
outbound_database_exfil
outbound_ftp_traffic
outbound_imap_traffic
outbound_ldap_traffic
outbound_pop3_traffic
outbound_printing
outbound_rejected_traffic
outbound_smb_spike
outbound_smb_traffic
outbound_snmp_sweep
outbound_telnet_traffic
rdp_external_internal
registered_ports_ext_int
ssh_external_internal

Operational Governance

anydesk_usage
bitcoin_node_internal_external
bittorrent
bittorrent_user
connectwise_usage
external_socks5_proxy
external_tcp_44818
external_udp_2222
file-sharing_apple-icloud
file-sharing_dropbox_detection
file-sharing_idrive_detection
file-sharing_mega-service
file-sharing_microsoft-onedrive
file-sharing_wetransfer
gotoresolve_usage
internal_tor_relay
ipfs_usage
irctraffic
messaging_apple-push
messaging_discord
messaging_disqus
messaging_facebook-messenger
messaging_google-chat
messaging_icq
messaging_infobip
messaging_jpush
messaging_kakaotalk
messaging_kik
messaging_messagebird
messaging_meta-messaging
messaging_pushover
messaging_rocket-chat
messaging_samsung-push
messaging_signal
messaging_sinch
messaging_snapchat
messaging_stream-io
messaging_telegram
messaging_threema
messaging_wechat
messaging_whatsapp
messaging_zalo
outbound_6in4tunnel
outbound_ethoverip
outbound_teredo
outbound_teredo_spike
social_discourse_detection
social_instagram_detection
social_linkedin_detection
social_meta_detection
social_okcupid_detection
social_reddit_detection
social_tiktok_detection
social_tinder_detection
social_twitter_detection
teamviewer_usage
tor_connection_internal_external
unusual_open_tcp_ports
vpn_usage_internal_external

Post Compromise

coinminer_detection
communication_to_bad_rep
dlp-china
dlp-russia
dnstunneling
external_http_beacon
external_https_beacon
external_nonhttp_beacon
external_tcp_12345
ip_lookup_attempt
kerberosting_internal_internal
long_dns_connection
outbound_ping
rdp_internal_external
sinkhole_detection
suspected_port_abuse_internal
tcp_123
torrent_usage_detection
uncommon_icmp_reject
wkpsrcdst

Recon

censys_scanning
connscan
esxi_internal_slp_scan
http_scan_internal_external
http_scan_internal_internal
internal_snmp_sweep
kerberos_scan_external_internal
kerberos_scan_internal_external
kerberos_scan_internal_internal
ldap_scanning_inside_to_outside
ldap_scanning_internal
ldap_scanning_outside_to_inside
mesvcdesk_scan_external_internal
mesvcdesk_scan_internal_external
mesvcdesk_scan_internal_internal
nmapfingerprint
ping_scan_ext-int
ping_scan_int-ext
ping_scan_int-int
port_1433_scanning_internal
port_1433_scanning_outbound
port_445_scanning_internal
port_445_scanning_outbound
port_62078_scanning_outbound
port_8443_scanning_internal
port_8443_scanning_outbound
portscan
qualys_scanning
rdp_scanning_inside_to_outside
rdp_scanning_internal
rdp_scanning_outside_to_inside
redis_scan_external_internal
redis_scan_internal_external
redis_scan_internal_internal
rockwellics_tcp_scan_external_internal
rockwellics_tcp_scan_internal_external
rockwellics_tcp_scan_internal_internal
rockwellics_udp_scan_external_internal
rockwellics_udp_scan_internal_external
rockwellics_udp_scan_internal_internal
rstscan
scanner_rwth_aachen_univ
shadowserver_scanning
shodan_scanners
smartinst_scan_external_internal
smartinst_scan_internal_external
smartinst_scan_internal_internal
ssh_scan_internal_external
ssh_scan_internal_internal
synscan_external_internal
synscan_internal_external
synscan_internal_internal
teamviewer_inside_to_outside
teamviewer_out_to_inside
teamviewer_scanning_internal
veeam_scan_external_internal
veeam_scan_internal_external
veeam_scan_internal_internal
vnc_scanning_inside_to_outside
vnc_scanning_internal
vnc_scanning_outside_to_inside
weblogic_scan_external_internal
weblogic_scan_internal_external
weblogic_scan_internal_internal
xmastree

System

clocksync
flowrate
noflow