teamviewer_inside_to_outside

Suggest Edits

Explanation

This Netography Detection Model is designed to catch scans looking for instances of TeamViewer from a source inside your network to the outside.

What to Look For

When examining the results of the teamviewer_inside_to_outside NDM Event, focus on any traffic or activity indicating an attempt to scan outside ports from inside the network. Pay attention to any unusual activity on network endpoints that coincide with indications of TeamViewer use. Should such activity be found, it may be necessary to investigate further for signs of malicious intent or compromised systems.

Related MITRE ATT&CK Categories

Network Service Discovery

Active Scanning

Updated 13 days ago