Spike in host-based traffic

About

Tags

Use Case: Threat DetectionRule Type: MLRule Type: Machine Learning

Severity

low

Risk Score

21

MITRE ATT&CK™

Exfiltration (TA0010)(external, opens in a new tab or window)

↳ Exfiltration Over C2 Channel (T1041)(external, opens in a new tab or window)

↳ Exfiltration Over Alternative Protocol (T1048)(external, opens in a new tab or window)

Impact (TA0040)(external, opens in a new tab or window)

↳ Network Denial of Service (T1498)(external, opens in a new tab or window)

↳ Endpoint Denial of Service (T1499)(external, opens in a new tab or window)

Execution (TA0002)(external, opens in a new tab or window)

↳ User Execution (T1204)(external, opens in a new tab or window)

Privilege Escalation (TA0004)(external, opens in a new tab or window)

↳ Exploitation for Privilege Escalation (T1068)(external, opens in a new tab or window)

Command and Control (TA0011)(external, opens in a new tab or window)

↳ Application Layer Protocol (T1071)(external, opens in a new tab or window)

Discovery (TA0007)(external, opens in a new tab or window)

↳ Network Service Discovery (T1046)(external, opens in a new tab or window)

False Positive Examples

System updates, scheduled backups, or misconfigured services may trigger this alert.

License

Elastic License v2(external, opens in a new tab or window)

Definition

Rule Type

Machine Learning

Integration Pack

Prebuilt Security Detection Rules

Related Integrations

endpoint(external, opens in a new tab or window)

Query

✄𐘗
text code block:
✄𐘗