outbound_printing

Suggest Edits

Explanation

This Netography Fusion Portal event monitors for outbound traffic to print servers on the Internet, specifically using the IPP or LDP protocols.

What to Look For

To examine the results of the outbound_printing event, look for traffic leaving the network or endpoint to the IPP or LDP ports on remote hosts. This may indicate that users are sending print jobs to remote printers. The use of external printers may violate corporate policy, and in some cases may be a vector for exfiltration of data without authorization.

Related MITRE ATT&CK Categories

Exfiltration Over Alternative Protocol, Techniques T1048

Updated 13 days ago