B3582ED2-1A0C-452D-9802-97433D143486.md

Products: Netskope - Security Cloud

Rules

| Rule ID | Rule Name |
| --- | --- |
| MATCH-S00874 | AWS Lambda Function Recon |
| LEGACY-S00004 | Bitsadmin to Uncommon TLD |
| LEGACY-S00013 | Connection to High Entropy Domain |
| MATCH-S00527 | Email Files Written Outside Of The Outlook Directory |
| FIRST-S00030 | First Seen Outbound Connection to External IP Address on Port 445 from IP Address |
| LEGACY-S00041 | HTTP External Request to PowerShell Extension |
| LEGACY-S00045 | HTTP request for single character file name |
| LEGACY-S00027 | Hexadecimal in DNS Query Domain |
| LEGACY-S00047 | High risk file extension download without hostname and referrer |
| THRESHOLD-S00079 | Inbound Port Scan |
| MATCH-S00457 | Large File Upload |
| MATCH-S00396 | Large Outbound ICMP Packets |
| MATCH-S00725 | Microsoft CHM File Observed |
| MATCH-S00402 | Normalized Security Signal |
| MATCH-S00556 | Outbound Data Transfer Protocol Over Non-standard Port |
| LEGACY-S00058 | Pastebin Raw URL Resource Request |
| MATCH-S00835 | Possible Dynamic URL Domain |
| MATCH-S00637 | Possible Malicious Download |
| MATCH-S00584 | Pwndrp Access |
| LEGACY-S00093 | Script/CLI UserAgent string |
| LEGACY-S00095 | Server-Side Code Injection in URL |
| OUTLIER-S00010 | Spike in URL Length from IP Address |
| LEGACY-S00182 | Suspicious HTTP User-Agent |
| LEGACY-S00111 | Threat Intel - Device IP Matched Threat Intel URL |
| LEGACY-S00109 | Threat Intel - Matched Domain Name |
| LEGACY-S00108 | Threat Intel - Matched File Hash |
| LEGACY-S00107 | Threat Intel Match - IP Address |
| LEGACY-S00165 | VBS file downloaded from Internet |

Log Mappers

| Log Mapper ID | Log Mapper Name |
| --- | --- |
| 3E90EADD-5BA4-469A-8501-5FC0BE433B21 | Netskope - Alerts |
| b21dd6bd-d73f-4e9d-aca7-d95f5fd6c93d | Netskope - Anomaly - Bulk Download |
| bb41f15f-99b4-4f6b-aa69-83e1119d4810 | Netskope - Anomaly - User Shared Credentials |
| 5973FCD7-7D5A-4BDF-BB58-4AB6868D428C | Netskope - Application Events |
| e0c69b8a-2fde-4e4c-a535-51f95298ab24 | Netskope - Audit Authentication Events - Logoff |
| AB8A5262-6A3A-499C-AACB-499C2686394E | Netskope - Audit Authentication Events - Logon |
| 6A93C9CD-5B9D-4056-A0DD-E98F87A1C272 | Netskope - Audit Events |
| cc658a93-1225-44ff-b6fc-95acd14a7861 | Netskope - Catch All |
| FF1BADCE-0DC2-41F5-888F-88ECA95AE8A0 | Netskope - Infrastructure Events |
| 8345560d-add1-413c-9b93-ad3ada8ed1b0 | Netskope - Login |
| 4c0bdae5-7127-4caf-b9be-bd5eed63a962 | Netskope - Network Events |
| 6631785C-901C-42CE-AC18-EDEA8D2829D1 | Netskope - Page Events |
| d7cad270-f8fc-4d0d-982b-31fe9fb90334 | Netskope - nspolicy |