outbound_ldap_traffic

Explanation

This Netography Fusion Portal event monitors for outbound LDAP traffic leaving the customer network. LDAP traffic to Internet destinations may be unexpected.

What to Look For

Investigation should start by looking at the Internet destination address of the LDAP traffic. In most cases, outbound LDAP traffic occurs because internal, cloud-hosted LDAP servers are not configured as part of the “Internal Network” within the Netography portal. If the destination host is not a known or authorized destination, the source host should be examined to determine whether it is misconfigured. In some cases, unexpected LDAP traffic may be an indicator that the source host has been compromised.
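The triage order described above can be sketched as follows. This is an added example, not Netography code: the flow field names, the LDAP port list, the network lists and every address are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the Netography portal): field names, port list and all
# addresses below are constructed for illustration.
LDAP_PORTS = {389, 636, 3268, 3269}   # LDAP, LDAPS, Global Catalog (plain/TLS)
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Cloud-hosted directory servers the organisation owns but has not classified as internal.
KNOWN_CLOUD_LDAP = [ipaddress.ip_network("203.0.113.16/28")]
# Approved third-party LDAP endpoints.
AUTHORIZED_EXTERNAL = [ipaddress.ip_network("198.51.100.25/32")]

def _in_any(addr, networks):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)

def classify(flow):
    """Return a triage verdict for one flow record, or None if not outbound LDAP."""
    if flow["dst_port"] not in LDAP_PORTS:
        return None
    if not _in_any(flow["src"], INTERNAL_NETWORKS) or _in_any(flow["dst"], INTERNAL_NETWORKS):
        return None  # not internal-to-Internet traffic
    if _in_any(flow["dst"], KNOWN_CLOUD_LDAP):
        return "add_destination_to_internal_network"  # portal classification gap
    if _in_any(flow["dst"], AUTHORIZED_EXTERNAL):
        return "authorized_destination"
    return "examine_source_host"  # unknown destination: check for misconfiguration or compromise

def triage(flows):
    """Group verdicts by source host so each host is reviewed once."""
    report = defaultdict(lambda: defaultdict(set))
    for flow in flows:
        verdict = classify(flow)
        if verdict:
            report[flow["src"]][verdict].add(flow["dst"])
    return {src: {v: sorted(d) for v, d in verdicts.items()} for src, verdicts in report.items()}

# Constructed sample flows (documentation address ranges).
SAMPLE_FLOWS = [
    {"src": "10.1.4.20", "dst": "203.0.113.18", "dst_port": 636},
    {"src": "10.1.4.20", "dst": "10.2.0.5", "dst_port": 389},
    {"src": "10.1.7.33", "dst": "192.0.2.77", "dst_port": 389},
    {"src": "10.1.7.33", "dst": "192.0.2.77", "dst_port": 443},
    {"src": "192.168.5.9", "dst": "198.51.100.25", "dst_port": 636},
]

if __name__ == "__main__":
    for src, verdicts in triage(SAMPLE_FLOWS).items():
        print(src, verdicts)
```

Only sources with an `examine_source_host` verdict need host-level review; the other verdicts are resolved by updating network classification or confirming the approved destination.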