Goal
Detect user activity from suspicious IPs, specifically the Tor anonymisation network.
This may highlight malicious activity that a user doesn’t want to be linked to their real IP address.
Strategy
Correlate traces tagged with a user with the Threat Intelligence qualification of their IP address.
Require the trace to be flagged, either by a user event or by an In-App WAF attack.
A Low severity signal is then generated.
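The correlation described above, as an added illustration that is not Datadog's own rule implementation: it walks a handful of constructed trace records, keeps only those that carry a user, are qualified as Tor by Threat Intelligence (the @threat_intel.ip:tor tag from this page), and are flagged by either a user event or an In-App WAF attack, and emits a Low severity signal for each. Field names other than threat_intel.ip (usr.id, user_event, appsec_attack) are assumptions made for this example.

```python
from typing import Dict, List, Optional

# Constructed sample traces (not real Datadog data). Only "threat_intel.ip" is
# taken from the page; the other field names are assumptions for this example.
SAMPLE_TRACES: List[Dict] = [
    # user + Tor + user event -> should produce a signal
    {"trace_id": "t1", "usr.id": "alice", "threat_intel.ip": "tor",
     "user_event": "users.login.success", "appsec_attack": False},
    # user + Tor but not flagged by any event or attack -> no signal
    {"trace_id": "t2", "usr.id": "bob", "threat_intel.ip": "tor",
     "user_event": None, "appsec_attack": False},
    # user + user event but the IP is not qualified as Tor -> no signal
    {"trace_id": "t3", "usr.id": "carol", "threat_intel.ip": None,
     "user_event": "users.login.failure", "appsec_attack": False},
    # user + Tor + In-App WAF attack -> should produce a signal
    {"trace_id": "t4", "usr.id": "dave", "threat_intel.ip": "tor",
     "user_event": None, "appsec_attack": True},
    # Tor + WAF attack but no user on the trace -> outside this rule's scope
    {"trace_id": "t5", "usr.id": None, "threat_intel.ip": "tor",
     "user_event": None, "appsec_attack": True},
]


def flag_reason(trace: Dict) -> Optional[str]:
    """Return why the trace is flagged, or None if it is not flagged at all.

    A trace counts as flagged when it carries a user event or when the
    In-App WAF marked it as an attack.
    """
    if trace.get("user_event"):
        return f"user event {trace['user_event']}"
    if trace.get("appsec_attack") is True:
        return "In-App WAF attack"
    return None


def qualifies(trace: Dict) -> bool:
    """All three conditions of the strategy must hold."""
    tagged_with_user = bool(trace.get("usr.id"))
    ip_is_tor = trace.get("threat_intel.ip") == "tor"  # @threat_intel.ip:tor
    return tagged_with_user and ip_is_tor and flag_reason(trace) is not None


def generate_signals(traces: List[Dict]) -> List[Dict]:
    """Produce one Low severity signal per qualifying trace."""
    signals = []
    for trace in traces:
        if not qualifies(trace):
            continue
        signals.append({
            "severity": "Low",
            "user": trace["usr.id"],
            "trace_id": trace["trace_id"],
            "reason": f"activity from a Tor IP flagged by {flag_reason(trace)}",
        })
    return signals


if __name__ == "__main__":
    for signal in generate_signals(SAMPLE_TRACES):
        print(signal)
```

Running the block prints two signals, one for the trace flagged by a login event and one for the trace flagged by the In-App WAF; the trace without a user is deliberately ignored, since this rule is about activity that can be attributed to a user.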
Triage and response
- Investigate the activity and validate that it is legitimate.
- Review activity from Tor IPs (@threat_intel.ip:tor) to evaluate if you’re under attack.
- Consider blocking the user if the activity is suspicious.