Zero Networks blocked activity in internal network

This rule is part of a beta feature. To learn more, contact Support.

Goal

Detects and alerts on blocked activities in the internal network, such as unauthorized access or malicious traffic being prevented by security measures.

Strategy

Monitor network activity logs and notify when blocked activity is detected in the internal network.

Triage and Response

  1. Check if the blocked action originates from legitimate internal users or unknown, potentially malicious sources.
  2. Look into the specific protocols and states involved to assess if the blocking aligns with normal network security policies.
  3. Cross-check with previous logs or data to see if this is a known pattern or a new threat.
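
The three triage checks above, applied to blocked-event records, as an added example that is not part of the original rule documentation. The field names, asset inventory, expected-block policy, and sample events are all constructed assumptions, not the Zero Networks log schema.

```python
import ipaddress

# Everything below is constructed for illustration (hypothetical fields and values).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
KNOWN_ASSETS = {"10.0.1.15": "alice-laptop", "10.0.2.8": "build-server"}
# Hypothetical policy: protocol/port pairs that are always denied between segments.
EXPECTED_BLOCKS = {("tcp", 3389), ("tcp", 445)}
# Earlier blocked events used as the baseline for step 3.
HISTORY = [
    {"src": "10.0.1.15", "dst": "10.0.5.20", "proto": "tcp", "port": 445},
    {"src": "10.0.1.15", "dst": "10.0.5.20", "proto": "tcp", "port": 445},
]


def _key(event):
    """Tuple that identifies one blocked flow pattern."""
    return (event["src"], event["dst"], event["proto"], event["port"])


def triage(event, assets=KNOWN_ASSETS, expected=EXPECTED_BLOCKS, history=HISTORY):
    """Run the three triage checks on one blocked event and return the findings."""
    addr = ipaddress.ip_address(event["src"])
    # Step 1: is the source inside the internal ranges, and is it a known asset?
    internal = any(addr in net for net in RFC1918)
    owner = assets.get(event["src"])
    # Step 2: does the protocol/port match a block the policy is expected to make?
    policy_expected = (event["proto"], event["port"]) in expected
    # Step 3: has this exact flow been blocked before?
    prior_hits = sum(1 for h in history if _key(h) == _key(event))

    if owner is None:
        verdict = "unknown-source"   # no inventory match: identify the host first
    elif policy_expected or prior_hits:
        verdict = "known-pattern"    # known asset hitting a documented or repeated block
    else:
        verdict = "new-pattern"      # known asset, but behaviour not seen before
    return {"internal": internal, "owner": owner, "policy_expected": policy_expected,
            "prior_hits": prior_hits, "verdict": verdict}


if __name__ == "__main__":
    sample = {"src": "10.0.2.8", "dst": "10.0.1.15", "proto": "tcp", "port": 5985}
    print(triage(sample))
```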