outbound_pop3_traffic

Explanation

The outbound_pop3_traffic event monitors for cleartext outbound POP3 traffic on the network. POP3 is a non-encrypted protocol used for email retrieval. Use of non-encrypted protocols such as POP3 should be discouraged as they can expose sensitive information to potential attackers.

What to Look For

To examine the results of the outbound_pop3_traffic event, look for any POP3 traffic leaving your network that is not using encryption. This traffic could be indicative of sensitive information being transmitted in cleartext. Ensure that all email applications and protocols are configured to use encrypted transport protocols such as SSL or TLS. It is recommended to prevent the use of non-encrypted protocols for email transfer wherever possible.