Zero Networks unusual spike in blocked network activity

This rule is part of a beta feature. To learn more, contact Support.

Goal

Detects an unusual spike in blocked network activity.

Strategy

Monitor network activity logs and notify when an unusual spike in blocked network activity is detected.

Triage and Response

  1. Determine if the spike in blocked activity is widespread or isolated to a specific part of the network.
  2. Identify which systems or devices are involved, and check if any of them are outliers or have known vulnerabilities.
  3. Investigate if the spike corresponds with any recent changes, such as new devices, updates, or policy changes.
  4. Look for any related security alerts or system anomalies that might explain the spike in blocked activity.
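An added example of the spike logic this rule describes, run over constructed log events; it is not Zero Networks' or Datadog's code. It buckets blocked flows into five-minute windows, compares each window against the baseline of the windows before it, and reports the dominant source host so that triage step 1 (widespread or isolated) can be answered directly. The event field names (`timestamp`, `src_host`, `action`) and the thresholds are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev


def make_events():
    """Constructed sample events (not real Zero Networks output)."""
    base = datetime(2024, 1, 1, tzinfo=timezone.utc)
    events = []
    # Baseline: two blocked flows per 5-minute window for six windows, plus one allowed flow each.
    for w in range(6):
        for i in range(2):
            ts = base + timedelta(minutes=5 * w, seconds=30 * i)
            events.append({"timestamp": ts.isoformat(), "src_host": f"ws-{i + 1:02d}", "action": "blocked"})
        events.append({"timestamp": (base + timedelta(minutes=5 * w + 1)).isoformat(), "src_host": "ws-03", "action": "allowed"})
    # Spike: twenty blocked flows in the seventh window, eighteen of them from a single host.
    for i in range(20):
        ts = base + timedelta(minutes=30, seconds=10 * i)
        host = "ws-07" if i < 18 else f"ws-{i:02d}"
        events.append({"timestamp": ts.isoformat(), "src_host": host, "action": "blocked"})
    return events


def detect_blocked_spikes(events, window_seconds=300, min_history=3, z_threshold=3.0, min_count=5):
    """Bucket blocked events into fixed windows and flag any window whose count sits more than
    z_threshold standard deviations above the mean of the windows before it. Each hit carries
    the top blocked source host so the 'widespread or isolated' triage question is answered at once."""
    per_window = Counter()
    per_host = defaultdict(Counter)
    for e in events:
        if e["action"] != "blocked":
            continue
        epoch = datetime.fromisoformat(e["timestamp"]).timestamp()
        window = int(epoch // window_seconds) * window_seconds
        per_window[window] += 1
        per_host[window][e["src_host"]] += 1

    spikes, history = [], []
    for window in sorted(per_window):
        count = per_window[window]
        if len(history) >= min_history and count >= min_count:
            mu, sigma = mean(history), (pstdev(history) or 1.0)  # flat baseline: treat sigma as 1
            if (count - mu) / sigma > z_threshold:
                top_host, top_n = per_host[window].most_common(1)[0]
                spikes.append({"window_start": window, "count": count, "baseline_mean": mu,
                               "top_host": top_host, "top_host_share": top_n / count,
                               "isolated": top_n / count >= 0.8})
        history.append(count)  # the current window becomes part of the baseline for later ones
    return spikes
```

Calling `detect_blocked_spikes(make_events())` returns one hit for the seventh window, attributed mostly to `ws-07`, which is the kind of result that steers triage toward a single device rather than a network-wide change.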